Latest insights from our experts
The Data Protection Act 1998
The Data Protection Act 1998, “the Act” applies to all park owners who process personal data. This may relate to records of residents, employees, prospective customers or anyone else whose personal information is recorded. The Act covers collecting, holding, disclosing, using and even destroying personal information – so most situations in which personal data may be handled.
If a park owner processes personal data there are three basic requirements which must be met.
The first requirement is that a park owner must register with the Information Commissioner before any personal data is processed. A park owner will only be exempt if they only hold the personal data on a manual filing system which isn’t organised by name or in such a way that identification about an individual is readily accessible, or if the personal data is only used for one of the following core business principles: advertising, marketing and public relations; accounts and records; or staff administration. In in doubt whether you need to register, the Information Commissioner’s Office has a self-assessment tool available through its website. Failure to register when there is a requirement to do so is a criminal offence.
The second requirement is that a park owner must comply with all eight of the principles laid down by the Act. A park owner must meet this requirement regardless of whether they are exempt from notifying the Information Commissioner or whether the data is kept on a computer or manual system. Such principles include:
- Processing data fairly and lawfully – consent is generally required;
- Personal data must be accurate and kept up-to-date;
- Personal data processed for any purpose shall not be kept longer than is necessary to meet that purpose – do you have a system for deleting outdated data?
The third requirement is that a park owner must comply with the rights of the individual whose data is processed. There are eight distinct rights which include: rights of access; rights to prevent the processing of data for purposes of marketing and a right to object to processing that is likely to cause damage or distress.
Non-compliance with these requirements can result in adverse consequences for a park owner including enforcement action by the Information Commissioner or prosecution.
If you have any queries about the Data Protection Act 1998 then contact the Parks team by telephone 01392 207020 or email firstname.lastname@example.org