Business growth can often mean administrative systems and procedures can become outdated. It’s vital that firms keep on top of their legal obligations regarding personal data.
This week, Real Business will be publishing a series of legal advice guides focused on data protection.
To comply with the Data Protection Act 1998, all businesses must adhere to eight data protection principles when handling personal data. Yet businesses often have questions about how the principles apply to their business.
We asked Peter Harthan from Riverview Solicitors what the most common questions asked by businesses are. Here is today’s question and answer:
I’ve been told that I should get a “fair collection” or privacy notice, what is it and what should it say?
Many organisations provide their customers with a “fair collection” or privacy notice at the start of their relationship. This is basically a written statement of what types of information the business will collect about them, why they need it and what they will do with it.
Fair collection notices are the best way of fulfilling your legal obligations under the first data protection principle. The level of detail to be included will depend on what type of personal data your business handles and what you do with it.
The Information Commissioner’s Office (ICO) has published a code of practice on privacy notices, intended to help businesses provide more user-friendly notices. It gives advice on drafting notices and how they can be provided, including examples of good and bad practice in this area. You can find this guidance on the ICO website.
Tomorrow: Can we record phone calls with our customers?