Consultancy: Compliance with the UK Data Protection Act 1998
The Data Protection Act 1998 (DPA) states that all organisations which hold or process personal data must comply with DPA requirements. From April 2010, the powers of the Information Commissioner (the regulator for the DPA) were significantly strengthened, as a result of which any organisation found to be in breach can now be fined up to £500,000. For some, even a severe fine can be a relatively small price to pay when compared to the reputational damage resulting from the negative press coverage of an incident.
Schedule 1 of the Act sets out eight principles that organisations must comply with to ensure personal data is:
treated fairly and lawfully;
processed for specific and specified purposes;
adequate, relevant and not excessive;
accurate and up to date;
not retained for longer than necessary;
processed in accordance with individuals' rights;
held with appropriate levels of security;
not transferred abroad without ensuring adequate levels of legal protection.
Please email us or telephone 0845 070 1750 for more on how we can help you achieve DPA compliance cheaply, quickly and painlessly.
IT Governance DPA services:
Assistance with notification to the Information Commissioner (a legal requirement)
Certified training courses for Data Protection Officers
Public training courses
Toolkits and documentation
Help creating a BS 10012-compliant Personal Information Management System (PIMS)
Help achieving ISO27001 compliance and improvements to information security
Help achieving ISO22301 compliance and improvements to business continuity
DPA Compliance Gap Analysis
As well as providing a selection of books on the DPA, IT Governance has an efficient DPA consultancy service which can help you assess your current level of compliance with the DPA.
Our experienced data protection consultants can assess the exact standing of your current legal situation, security practices and operating procedures in relation to DPA compliance. By examining procedures such as direct marketing practices, fair processing notices, and retention and deletion procedures, our consultants can identify any gaps, and then create and implement a remedial plan which will not only enable you to bring your business into full compliance with the DPA, but will also ensure you remain compliant in the future.
Our service will tell you what you need to know quickly and effectively. Then, if you need our help to achieve DPA compliance, we can assist with remediation.
Organisations which process personal data must complete a notification with the Information Commissioner. This notification includes:
What personal data is processed,
The purposes for which it is processed, and
Where it is obtained and to whom it is disclosed.
It is critical that this notification is completed and kept up to date and accurate.
We provide a range of training courses relating to the Data Protection Act to suit various organisational needs.
Our public course is a one-day introduction to Data Protection Act compliance delivered by a data protection practitioner who is experienced in applying the principles to real-life situations. This course offers advice about, and a thorough understanding of, the DPA’s requirements.
In-house training courses may be more cost-effective if you have a number of staff who wish to understand the requirements of the DPA. At IT Governance we are experienced providers of customised staff awareness courses.
If you are a data protection officer/practitioner yourself, you may want a formal qualification and an advanced level of knowledge to best advise your organisation. IT Governance offers the BCS ISEB in Data Protection, a five-day practical course with a written examination, successful completion of which will demonstrate an advanced level of knowledge and ability.
Email us or call us on +44 (0) 845 070 1750 for more information on any of these courses.
BS10012 – A Personal Information Management System (PIMS)
Sometimes the problem with Data Protection compliance is that management have no way of being continually assured that the organisation is in compliance. The BS 10012 Standard specifies the requirements for a Personal Information Management System (PIMS).
BS 10012:2009 sets out a series of requirements for establishing policies, procedures, training, audits, management meetings and measurements which focus on data protection through a ‘plan-do-check-act’ cycle.
This cycle ensures that compliance measures are planned and undertaken so that continual improvement in this area is established and maintained on an ongoing basis, enabling the management team to have greater overall organisational awareness.
Establishing a PIMS as part of your overall business management system will ensure that data protection management is placed within a robust framework which will be looked upon favourably by the regulator.
Email us or call us on +44 (0) 845 070 1750 to find out how IT Governance can help you to implement a Personal Information Management System.
Information Security and Business Continuity
Principle 7 of the Data Protection Act looks at ensuring that personal data is held with ‘appropriate technical and organisational security’ and is protected against ‘unauthorised disclosure, loss or damage’.
To ensure this, it is critical that you have appropriate information security and business continuity measures in place. This can involve certification to international and national standards such as ISO27001 and ISO22301, which prove to stakeholders that you have the correct approach in these areas, as certified by the Information Commissioner.
Please email us or telephone 0845 070 1750 and talk to us about how we can help you achieve DPA compliance quickly and painlessly.