Wirral logo - click here for Wirral MBC Website

Wirral Crest - click here for Wirral MBC Website

Click here to open the Membership Directory of the Wirral Fair Trading Scheme

CSN Registered Member

CLS General Help

Home Page Business Consumer News About us Service
e - Business Advice Sheets

Data Protection Act 1988

What you need to know if you collect personal data

  • If you collect personal data you must notify the Data Protection Registry. You can do this on-line at www.dpr.gov.uk/notify.
  • Under this legislation it is an offence not to be registered if holding Personal Data that can be automatically processed, or uniquely identifies an individual. Recently it has been extended to cover manual records with more safeguards for data subjects.
  • If you use a Website to collect personal information, your site must include a prominent privacy statement which states:
    • How and why the personal data is being processed.
    • Whether it is to be transferred to a third party.
    • Whether it is to be transferred out of the EU.
    • Whether there are any automated decision taking processes based on the information supplied.
    • What security measures are in place.

Legal requirements when collecting data

  • Personal data can only be collected and processed by the provider if permitted by some law or if the individual has unambiguously given his consent.
  • Data must not be processed for any purposes incompatible with those for which the data was initially collected. Data cannot be transferred to third parties without agreement from the data subject.
  • Security measures must be taken to protect the personal data against any accidental or unlawful destruction or accidental loss. Data should not be kept longer than necessary for the purpose for which it was collected.
  • Data should be accurate, complete and kept up-to-date. The customer must have access to any personal data concerning him/her that is being processed or kept. A request for correction or deletion of incorrect personal data must be granted within a reasonable period of time.
  • The customer must have the possibility to opt-out of the processing operation of his/her data and to refuse certain use of the data.
  • The level of security must be appropriate to the risk presented by processing and the nature of the data. The individual has the right to object to the processing of personal data relating to him if it is used for the purpose of direct marketing.

What you need to know if you use databases for promotional purposes

The Advertising Standards Authority's (ASA's) Code of Practice also regulates sales promotions, one section of which specifically deals with the use of databases.

The ASA Codes can be viewed at http://www.asa.org.uk. The following rules are those that specifically relate to databases:

  • Database owners, brokers and users should:
    • ensure that their databases for rental are accurate and up-to-date and have been run against the most appropriate and recent suppression file operated by the appropriate Preference Service
    • be able to identify anyone who has objected in the last 5 years, or who has not had an opportunity to object to their inclusion on any database that is to be disclosed to others
    • avoid duplication
    • act promptly to correct personal information
    • ensure that anyone who has been notified as dead is not contacted again and, where appropriate, should refer the notifier to the relevant suppression service.
    • comply with the provisions of any current data protection legislation.
  • Database users should:
    • ensure, where possible, that those approached are not inappropriate for the offer
    • not use databases or selections from them that are more than a maximum of 6 months old unless they have been updated
    • inform the database owner of any requested corrections within 60 days
    • if asked, give the sources of names on their database promptly to anyone listed or to the ASA.
  • Database owners should:
    • satisfy themselves, and obtain an assurance from users, that any literature used in an offer complies with the Codes
    • make corrections or suppressions themselves, or ensure that their users do, if a mailing is delayed by more than 6 months
    • require their users to inform them of requests for correction within 60 days
    • be able to demonstrate their compliance with this Code regarding database rental.
  • Except where it is obvious from the context, or where individuals already know, consumers should be informed at the time when personal information is collected:
    • who is collecting it
    • why it is being collected
    • if it is intended to disclose the information to third parties, including associated companies, or put the information to some other significantly different use, in which case an opportunity to object should be given in advance.
  • If, after collection, it is decided to put information to a use that is significantly different from the one originally intended, consumers must first be advised and given 30 days to object. A significantly different use includes:
    • the disclosure of personal information to third parties for direct marketing purposes
    • the use or disclosure of personal information for any purpose substantially different from that which consumers could reasonably have foreseen and to which they might have objected.
  • The extent and detail of personal information held for any purpose should be adequate and relevant, and should not be excessive for that purpose.
  • Personal information must always be held securely and should be safeguarded against unauthorised use, disclosure, alteration or destruction.
  • Individuals are entitled to have their names removed from a company's database. However, if individuals wish to reduce all unsolicited contact, they should be advised to enter their names on all relevant suppression databases.
  • Individuals who have asked for information about them to be suppressed should not be contacted again for a minimum of 5 years from the date of their request, unless they ask to be reinstated.
  • Businesses are permitted to use any published information that is generally available provided the individual concerned is not listed on any suppression file.

Please Note

The above guidance is intended for traders and offers practical advice. It is not a definitive statement of the law.

For further advice, please contact the Office of the Information Commissioner at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel 01625 545745 or email data@dataprotection.gov.uk.

The Website for the Information Commissioner contains on-line seminars and access to guidance and publications: www.dataprotection.gov.uk

-----

Top of Page Message

Trading Standards Division, 3rd Floor, Wallasey Town Hall, Brighton Street, Wallasey, Wirral CH44 8ED
Telephone: (0151) 691 8020    Fax: (0151) 691 8098
Internet World Wide Web http://www.tradingstandards.gov.uk/wirral/
Electronic Mail: tradingstandards@wirral.gov.uk

Copyright © Wirral Trading Standards Division 2007