Failure to notify under the Data Protection Act could prove costly
All businesses which process personal data in an automated form (most commonly by inputting data onto a computer system) are obliged to notify the Information Commissioner’s Office (ICO) that they are data controllers, unless they fall into one of the exemptions under the legislation. Businesses which do not comply can face fines of up to £5,000 in the Magistrates Court and if the matter is dealt with in the Crown Court, could face unlimited fines.
Failure to notify, even after the ICO urged him to do so, meant that estate agent John Merfyn Pugh of Merfyn Pugh Estate Agents found himself in front of Caernarfon Magistrates Court recently. Although he was given a conditional discharge, Mr Pugh was ordered to pay £614 towards prosecution costs, but there will also be the additional costs to his business through the adverse publicity involved with his case.
Many businesses collect personal data via enquiry forms on their websites or in other ways and if you do this, you need procedures in place to protect the personal data you are collecting. Anyone who processes personal data under the DPA needs to adhere to the eight principles set out in the Act, which include the need to keep personal information secure, obtain it and process it fairly and lawfully and keep it accurate and up to date.
To discuss how Machins Solicitors LLP can assist you with your Data Protection obligations, please contact Sarah Liddiard, company commercial solicitor on 01582 514000 or visit Machins Solicitors LLP website at www.machins.co.uk