Are your clients compliant? Data Protection Act.

Many small businesses will have failed to recognise that they have a legal obligation in relation to data protection.

All companies are legally obliged to protect any personal information they hold, and may be required to notify with the information Commissioner’s Office (“ICO”). As you know the Data Protection Act (“DPA”) requires all organisations which handle personal information to comply with a number of important principles regarding privacy and disclosure.   The eight principals are: 

1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with your rights
7. Secure
8. Not transferred to other countries without adequate protection

The Act also provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records. Failure to comply with the DPA allows the ICO to either: 

• serve enforcement notices and 'stop now' orders where there has been a breach of the Act.; or  
• prosecute those who commit criminal offences under the Act.

 So whose responsibility is it to ensure that our client’s comply with the law – well without a doubt it is the directors. But do us as accountants have a duty to make our clients aware of the Act and the ICO. Duty may be a bit far. but most definitely we should be assisting our clients to not breach the law and bring to their attention an outline of the requirements, point them in the direction of the ICO website www.ico.gov.uk and suggest they seek professional assistance.

www.wisteriaformations.co.uk  -  Company Formations  www.wisteria.co.uk -  Wisteria Chartered Accountants and Chartered Tax Advisers.