What is personal data?

According to the Data Protection Act, personal data means:

data which relate to a living individual who can be identified –

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Where the ability to identify an individual depends partly on the data held and partly on other information (not necessarily data), the data held is still “personal data”.

It is also very important to remember that the definition specifically includes opinions about the individual, or what is intended for them. This could apply to notes made at an interview or a manager's assessment of an individual at the end of their probationary period.

If you have concerns about compliance with the Data Protection Act, our Data Protection MOT may be just for you.

Southern Entrepreneurs – PORTSMOUTH FREE EVENT

Regulation for Small Business

06 Dec 2016 10:00 – 13:00

Enterprise Centre – PORTSMOUTH

This workshop will give an awareness of the areas of regulation that may apply to a business and how to go about developing compliance controls as a response to the ever-increasing number of regulations and the need for operational transparency.

Find out more and book your place…

Does a data processor have to inform the data owner of a security breach?

Although there is no legal obligation on data controllers to report breaches of security which result in loss, release or corruption of personal data, the Information Commissioner expects serious breaches (which are not defined) to be reported.

There should be a written agreement in place (a requirement of the Data Protection Act), and ideally this should give guidance. However, the data controller is unlikely to be able to comply with their obligations if they are not told about the situation.