Solicitors in Leeds

LEEDS TRADEMARK & COPYRIGHT LAWYERS – GUIDE TO IP LAW

Data protection

• The Data Protection Act 1998 governs the ‘processing’ of any personal information by business and other organisations.
• The Act deals with information stored on computers and in hard copies
• You should inform the Information Commissioner if your business processes information through computers or CCTVs

Personal data must be:

• fairly and lawfully processed – each person needs to give consent in order to process personal data, it is essential to comply with legal obligations
• acquired  for specific and lawful purpose
• sufficient, applicable and no more than is necessary
• correct and up to date
• kept only for as long as it is essential
• deals with the rights of the individual
• protected against illegal processing, loss, destruction or damage
• transferred to country outside the European Economic Area (EEA) only if it is ensured that there is an sufficient level of protection

In order to comply with the principles, you can only gather the necessary information and the person that is a subject of the process must be informed as soon as practicable.

• There are 28 days to put things right if the information held is incomplete or incorrect.
• You should delete the information that you do not require.
• Use secured systems to protect against destruction or theft.
• Individuals can be charged about £10 for written information they request. The information should be written in a simple language and provided to the applicant within 40 days of the request.
• It is important to look out for sensitive information such as race, political views, religion or sex life. In these circumstances, the information can only be processed with the person’s consent.

The Information Commissioner encourages good practice and takes control if it is necessary to enforce certain actions.