Consultancy: Compliance with the UK Data Protection Act 1998

The Data Protection Act 1998 (DPA) applies to every organisation in the UK that holds or processes personal data, and every such organisation must comply with it. Though by no means the whole of the Act, Schedule 1 sets out eight principles with which organisations must comply. Together they require that personal data is:

  • processed fairly and lawfully
  • obtained only for one or more specified and lawful purposes
  • adequate, relevant and not excessive for those purposes
  • accurate and, where necessary, kept up to date
  • not retained for longer than necessary
  • processed in accordance with the rights of data subjects
  • protected by appropriate technical and organisational security measures
  • not transferred to a country outside the European Economic Area unless that country ensures an adequate level of protection.

Since April 2010 the Information Commissioner, the regulator for this legislation, has had strengthened powers, including the power to impose monetary penalties of up to £500,000 on organisations that seriously breach the DPA. The negative press coverage that accompanies a breach can be just as damaging for the organisation and its directors.

Please email us or telephone 0845 070 1750 and talk to us about how we can help you achieve DPA compliance quickly and painlessly.

Recent research indicates that many organisations are, at best, only notionally compliant. If you cannot show that you are definitely compliant, you may in fact be nowhere near where the law requires you to be.

IT Governance offers a range of services surrounding the Data Protection Act, including:

  • Gap analysis
  • Assistance with notification to the Information Commissioner (a legal requirement)
  • In-house training
  • Certified training courses for data protection officers
  • Public training courses
  • Toolkits and documentation
  • Help creating a BS 10012-compliant Personal Information Management System (PIMS)
  • Help achieving ISO 27001 certification and improving information security
  • Help achieving BS 25999-2 certification and improving business continuity

DPA Compliance Gap Analysis

You can achieve DPA compliance using our books and tools, or you can use our experienced DPA consultancy service to assess your current level of compliance with the DPA, identify any gaps, create and then implement a remedial plan, and keep yourself compliant thereafter.

Our experienced data protection consultants can assess exactly where your current security practices, legal position and operating procedures stand in relation to the law, including direct marketing practices, fair processing notices, and retention and deletion procedures, and can identify the steps you will need to take to bring your business into full compliance with the DPA. Our service is quick, discreet, painless and efficient: we tell you what you need to know quickly and effectively, and if you need our help we can assist with remediation.

Notification Assistance

Organisations that process personal data must, unless an exemption applies, notify the Information Commissioner. The notification includes:

  1. what personal data is processed,
  2. the purposes for which it is processed, and
  3. who it is obtained from and disclosed to.

It is critical that this notification is completed, kept accurate and kept up to date, because processing personal data without a required notification is a criminal offence. IT Governance can carry out a personal data audit to ensure that your notification accurately reflects how your business processes personal data.

Toolkits and Documentation

You can achieve DPA compliance by using our books and tools.

Training

We offer a range of training courses on the Data Protection Act to suit different organisational needs.

Our public course is a one-day introduction to Data Protection Act compliance, delivered by an experienced data protection practitioner who applies the principles to real-life situations and explains what the requirements mean in practice.

In-house training may be more cost-effective if you have a number of staff who need to understand the requirements. IT Governance has years of experience putting together customised courses that establish a basic level of staff awareness of the subject and so raise awareness of the requirements across the organisation.

You may be a data protection officer or practitioner yourself, seeking a formal qualification and an advanced level of knowledge in order to best advise your organisation. IT Governance offers the BCS ISEB qualification in Data Protection, a five-day practical course with a written examination that demonstrates your knowledge and ability. Contact us today if you are interested in gaining this formal qualification.

BS 10012 – A Personal Information Management System

A common problem with data protection compliance is that management has no way of being continually assured that the organisation is compliant. BS 10012 addresses this by specifying a Personal Information Management System (PIMS).

The standard sets out requirements for policies, procedures, training, audits, management reviews and measurements that focus on data protection, driven by a 'plan-do-check-act' cycle. This gives the management team visibility and assurance that appropriate compliance measures are planned and carried out, and much earlier visibility of any issues that arise, so that continual improvement in this area is established and maintained.

Establishing a PIMS as part of your overall business management system places data protection management within a robust framework that the regulator looks upon favourably.

Information Security and Business Continuity

Principle 7 of the Data Protection Act requires that 'appropriate technical and organisational measures' are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

To meet this requirement it is critical that you have appropriate information security and business continuity measures in place. This can include certification to international and national standards such as ISO 27001 (information security management) and BS 25999-2 (business continuity management). Certification demonstrates to stakeholders that you have the correct approach in these areas, and the Information Commissioner has referred to these standards favourably in the context of achieving data protection compliance.