Last modified: 3/2010
All organisations processing personal information must comply with The Data Protection Act 1998, whether information is stored on computers or manual records.
The role an organisation plays in storing information is called the Data Controller. This is typically an organisation level role i.e. a limited company, but must also be a named individual, such as a Director, who will take responsibility for ensuring the organisation complies with the requirements of the Act.
Organisations need to notify (aka register with) the Information Commissioners Office (ICO), unless the organisation can assess that they qualify for certain exemptions, the most common of which is that they ONLY process personal information for:
However, there are many exclusions from the above exemption criteria, and you should use the link provided below to complete the online self-assessment to determine if you really are exempt.
One of the most common exclusions is that an organisation CANNOT be exempt from notification under the above criteria if it carries out any of the following business roles:
You are strongly advised to carry out the self-assessment to determine if you are required to notify the ICO. The self-assessment is available at:
If you have established that you are not exempt, notification can be done at:
If you've determined categorically that your organisation is exempt from notifying the ICO, you are not off the hook with respect to compliance with the Data Protection Act 1998.
Whether exempt or not, all organisations must have in place administrative and security policies to protect all personal data under their control.
This is generally a link from the footer of every page on the website to a page containing the policy.
Unless you have a policy already worded, we recommend sourcing a ready made policy from Website Law:
Website Law's standard policy is available free of charge on condition that a link to their website remains at the foot of the document.
Alternatively the policy can be de-badged in return for a modest fee.
ITw3 Web Solutions is a trading name of ITw3 Limited
Registered in England and Wales
Registered office: Churt Lea Cottage Thursley Road Farnham GU10 2LQ
VAT registration No.
All prices quoted are subject to VAT at the prevailing rate
ITw3 Web Solutions
tel. +44 (0)1428 788242
mob. +44 (0)7788 883230
Copyright © 2007-2017 ITw3 Limited