Skip to main content
Home page
Site map
Contact Us
0116 442 2076
The Data Protection Act 1998 requires every organisation that processes personal data to register with the Information Commissioner’s Office (ICO), unless they are exempt. Failure to do so is a criminal offence.Responsibility for this rests with the person or persons in the business who collect and use the data (the ‘data controller’).

According to ICO guidance, information will constitute personal data if it can be used, either alone or with other information in the possession of the data controller, to identify an individual person.

Where personal information is collected then, unless the intended use is obvious, you must provide certain details before you collect any personal data.

This basic information, and the choices available to your customers or clients, should be displayed in an intelligible and prominent form (e.g. the option for a customer to opt in or out to certain uses of his data as required by law should ideally be included in any online registration form).

Typically, you should ensure that your clients and customers are aware of:
  • The identity of the person or organisation responsible for operating the website and of anyone else who collects personal information through the site.
  • The purpose for which the data controller will process their information.
  • Any other information needed to ensure the processing is fair to individuals, taking account of the specific circumstances of the processing.
The ICO has a number of powers when it comes to taking action to change the behaviour of organisations and individuals that collect, use and keep personal information. They include criminal prosecution, non-criminal enforcement and audit. The Information Commissioner also has the power to serve a monetary penalty notice on a data controller.

For more information please contact David Heys at Lawson-West Commercial on 0116 212 1000.