Data Protections check points
- Recruitment and managing staff records
- Monitoring staff at work
- Using CCTV
- Get advice on data protection
You must follow rules on data protection if your business stores or uses personal information.
This applies to information kept on staff, customers and account holders, eg when you:
- recruit staff
- manage staff records
- market your products or services
- use CCTV
This could include:
- keeping customers’ addresses on file
- recording staff working hours
- giving delivery information to a delivery company
For information on direct marketing, see marketing and advertising: the law.
Data protection rules
You must make sure the information is kept secure, accurate and up to date.
For example, when you collect someone’s personal data you must tell them:
- who you are
- how you’ll use their personal information
- they have the right to see the information and correct it, if it’s wrong
Also say if the information will be used in other ways – eg if it may be passed to other organisations.
The main data protection rules are set out in the data protection principles.
What you have to do
- tell the Information Commissioner’s Office (ICO) how your business uses personal information
- respond to a data protection request, if someone asks to see what information you have about them
You could be given a heavy fine or made to pay compensation if you misuse personal data.