Previous Page

Data Protection And Your Business

Data Protection And Your Business 3.00/5 (60.00%) 1 vote
Tuesday 13th February 2018 No Comments »
Data Protection And Your Business


You must follow rules on data protection if your business stores or uses personal information.

This applies to information kept on staff, customers and account holders, eg when you:

  • Recruit staff
  • Manage staff records
  • Market your products or services
  • Use CCTV

This could include:

  • Keeping customers’ addresses on file
  • Recording staff working hours
  • Giving delivery information to a delivery company

For information on direct marketing, see marketing and advertising: the law.

Data protection rules

You must make sure the information is kept secure, accurate and up to date. For example, when you collect someone’s personal data you must tell them:

  • Who you are
  • How you’ll use their personal information
  • They have the right to see the information and correct it, if it’s wrong

Also say if the information will be used in other ways – eg if it may be passed to other organisations.

The main data protection rules are set out in the data protection principles.

What you have to do

You must:

  • Tell the Information Commissioner’s Office (ICO) how your business uses personal information
  • Respond to a data protection request, if someone asks to see what information you have about them

If you misuse personal data, you could be given a heavy fine, or made to pay compensation.

Recruitment and managing staff records

You must keep any data you collect on staff secure – eg lock paper records in filing cabinets or set passwords for computer records.

Only keep the information for as long as you have a clear business need for it, and dispose of it securely afterwards (eg by shredding).

Recruiting staff

You must give the name of your business and contact details (or those of the agency) on job adverts. Only collect the personal information you need on application forms, and don’t ask for irrelevant information, like banking details.

Example: You will usually only have to ask about motoring offences if driving is part of the job.

Only keep the information for recruitment – eg don’t use it for a marketing mailing list.

Keeping staff records

Make sure only appropriate staff, with the right training, can see staff records, and store sensitive information (eg about health or criminal records) separately.

Example: Don’t let managers access a worker’s sickness record if they only need to see a simple record of their absences.

If you’re asked to provide a reference, check the worker or ex-staff member is happy for you to do so.

Letting staff see their records

Your staff have the right to ask for a copy of the information you hold about them. This includes information about grievance and disciplinary issues. You must respond to their request within 40 days.

You can turn down their request if the information concerns someone else – eg you need to protect someone who’s accused them of harassment.

Staff can complain if they think their information is being misused, and you could be ordered to pay a fine or compensation.

Monitoring staff at work

You must be able to justify monitoring staff at work, which could include:

  • Using CCTV
  • Keeping records of phone calls
  • Logging their email or internet use
  • Searching staff or their work areas

Employees have rights at work and if you don’t treat them fairly they could:

  • Take you to an employment tribunal
  • Complain to the Information Commissioner

You must make them aware that they’re being monitored, and why – eg by sending them an email.

Also explain your policies on things like using work computers or phones for personal use.

Monitoring staff without their knowledge

You can monitor staff without their knowledge if:

  • You suspect they’re breaking the law
  • Letting them know about it would make it hard to detect the crime

Only do this as part of a specific investigation, and stop when the investigation is over.

Using CCTV

If your business uses CCTV, you must tell people they may be recorded. This is usually done by displaying signs, which must be clearly visible and readable. You must also notify the Information Commissioner’s Office (ICO) why you’re using the CCTV. You should control who can see the recordings, and make sure the system is only used for the purpose it was intended for.

If the system was set up to detect crime, you should not use it to monitor the amount of work done by your staff.

Letting people see CCTV recordings

Anyone can ask to see images that you’ve recorded of them. You must provide these within 40 days, and can charge up to £10. Find out more about using CCTV on the ICO website.

Data protection rules don’t apply if you install a camera on your own home to protect it from burglary.

Get advice on data protection

For more information and advice:

  • Read the Information Commissioner’s Office (ICO) guidance for organisations
  • Contact the ICO

ICO Head Office – England
0303 123 1113

ICO Wales
029 2067 8400

ICO Scotland
0131 301 5071

ICO Northern Ireland
028 9026 9380

At Bizorb we aim to provide the most accurate and up to date information to you. This article contains public sector information licensed under the Open Government Licence v1.0. If you spot any errors in this article please let us know.

What do you think?