Data Protection Act
- Thread starter emzlou
- Start date
Help Support SalonGeek:
loubylou
Well-Known Member
I didn't even know we were supposed to have one
wishbabe
Well-Known Member
I thought the law was as long as you had the documentation locked away or under password control on the computer that was fine?
Gilly T
Well-Known Member
There's some info on wikipedia in 'our' language that might be of use. It's easier to understand that some other bumph! It does say 'held on computer' or 'some other filing system' which could be even a diary in some cases.
Data Protection Act - Wikipedia, the free encyclopedia
hths xx
Data Protection Act - Wikipedia, the free encyclopedia
hths xx
hi I found the information that will tell you if you need to have a certificate or not. I do not need to have one. it is a quick and easy process, it asks you simple things to do with your business. I did mine in 2 mins and got an answer straight away.
if you go on the business link website.
go under It @ e.commerce (left side) or go in the search area at the top and put data protection it will come up.
once the comply with data protection comes up, go on actions (to the right of the page) this is an interactive tool
click on the to find out if you need to notify the info commissions about the data your business holds (which cost £35.00 a year)
and answer the simple questions that come up, i had to only answer 2 and they said I did not need to register my business.
hope this helps.
if you go on the business link website.
go under It @ e.commerce (left side) or go in the search area at the top and put data protection it will come up.
once the comply with data protection comes up, go on actions (to the right of the page) this is an interactive tool
click on the to find out if you need to notify the info commissions about the data your business holds (which cost £35.00 a year)
and answer the simple questions that come up, i had to only answer 2 and they said I did not need to register my business.
hope this helps.
Gilly T
Well-Known Member
Not sure if people are aware of this... apologies if they do, but I believe that if you are going to be 'processing' i.e. using the client information you hold then you need to register with the ICO (information commissioners office).
Notify the ICO when processing personal information - Information Commissioner's Office - ICO
What constitues 'processing' I'm not sure.. perhaps sending special offer letters/flyers or even finding clients treatment history/records etc., ??
Again, just a little bit of info that may help anyone if they want to look into it. I know I will be once I start keeping client records. Sorry if I'm boring you with this but I was interested in this thread myself and thought I better look into it for my own benefit.
Gillian x
Notify the ICO when processing personal information - Information Commissioner's Office - ICO
What constitues 'processing' I'm not sure.. perhaps sending special offer letters/flyers or even finding clients treatment history/records etc., ??
Again, just a little bit of info that may help anyone if they want to look into it. I know I will be once I start keeping client records. Sorry if I'm boring you with this but I was interested in this thread myself and thought I better look into it for my own benefit.
Gillian x
Hi I used to be Data Protection guru in my previous life in Marketing! [/FONT]
We all fal under the Data Protection Act as we hold information on our clients in particular sensitive data such as health info. You are processing data by filing out record cards and treatment plans - written or on computer it doesn't matter. EDITED THE ACT APPLIES ONLY IF YOU ARE PROCESSING DATA ON COMPUTER - VERY SORRY
The "Information commissioners" office who handle everything were always really helpful when I contacted them. They should be able to help mobile therapist about how they would display it with being on the move.
Business Link often have easier to understand guides so try their website too.
Here is some info I wrote on my assignment for college, hope it helps:
Data Protection Act 1998
This Act is in place to regulate how personal information is used and to protect it from misuse. This includes information held on clients, suppliers and staff (current, prospective and past). This also includes any information held by third parties on your behalf i.e. website handler who takes your online bookings.
The act is a set of rules based on common sense and applies to digital records and some paper. The basic explanation of the act is that it has eight principles, which are common sense rules to follow:
The 8 Data Protection Principles
Personal information should be:
Processed fairly and lawfully i.e. your client may have a short fuse, but this should not be kept on record.
Processed for limited purposes i.e. for the context it was originally captured.
Adequate, relevant and not excessive i.e. data should not be captured just because you think it may come in handy one day.
Accurate and where necessary kept up to date i.e. contraindications.
Processed in accordance with your rights.
Kept secure i.e. sensitive information filed securely and out of public way, under lock and key and accessed only by approved personnel.
Not transferred abroad unless there is adequate protection for the information i.e. delivery details of direct order to a customer from an American supplier.
Every individual has a right request in writing for access to all of their personal information the company holds on them. The company reserves the right to charge for this retrieval.
I hope I don't sound like a complete geek!
We all fal under the Data Protection Act as we hold information on our clients in particular sensitive data such as health info. You are processing data by filing out record cards and treatment plans - written or on computer it doesn't matter. EDITED THE ACT APPLIES ONLY IF YOU ARE PROCESSING DATA ON COMPUTER - VERY SORRY
The "Information commissioners" office who handle everything were always really helpful when I contacted them. They should be able to help mobile therapist about how they would display it with being on the move.
Business Link often have easier to understand guides so try their website too.
Here is some info I wrote on my assignment for college, hope it helps:
Data Protection Act 1998
This Act is in place to regulate how personal information is used and to protect it from misuse. This includes information held on clients, suppliers and staff (current, prospective and past). This also includes any information held by third parties on your behalf i.e. website handler who takes your online bookings.
The act is a set of rules based on common sense and applies to digital records and some paper. The basic explanation of the act is that it has eight principles, which are common sense rules to follow:
The 8 Data Protection Principles
Personal information should be:
Processed fairly and lawfully i.e. your client may have a short fuse, but this should not be kept on record.
Processed for limited purposes i.e. for the context it was originally captured.
Adequate, relevant and not excessive i.e. data should not be captured just because you think it may come in handy one day.
Accurate and where necessary kept up to date i.e. contraindications.
Processed in accordance with your rights.
Kept secure i.e. sensitive information filed securely and out of public way, under lock and key and accessed only by approved personnel.
Not transferred abroad unless there is adequate protection for the information i.e. delivery details of direct order to a customer from an American supplier.
Every individual has a right request in writing for access to all of their personal information the company holds on them. The company reserves the right to charge for this retrieval.
I hope I don't sound like a complete geek!
Last edited:
wishbabe
Well-Known Member
Hi just checked out the web site and you only need to notify if you hold records on any kind of computer.
Wow TinyBird, 10/10 for your reply!
I was an IT geek in a previous life and I couldn't have put it better.
But a word of warning - anyone who offers to provide you with a certificate for a fee, or sugests you have to get one though them needs to be checked out! There are soooo many scams out there.
I was an IT geek in a previous life and I couldn't have put it better.
But a word of warning - anyone who offers to provide you with a certificate for a fee, or sugests you have to get one though them needs to be checked out! There are soooo many scams out there.
'chelle
Well-Known Member
Unless you are holding records on a computer, you do not need to register for a certificate.
I dont wish to offend anyone by this comment, but I think it is important that people make sure that they are aware of the correct facts before posting advice on this forum, since it could be damaging to someones business if they took incorrect advice from here and applied it to their business.
I dont wish to offend anyone by this comment, but I think it is important that people make sure that they are aware of the correct facts before posting advice on this forum, since it could be damaging to someones business if they took incorrect advice from here and applied it to their business.
Gilly T
Well-Known Member
The data protection act is so complex, tbh I wouldn't be able to understand it enough to advise anyone let alone myself I would only suggest where they might go to. If it were me, I would have to go and find out for myself even if I read a suggestion on here. No offence anyone... just always better to double check I guess.
Is there anywhere on here where useful websites or contacts/numbers are/can be listed for things like this? It may save people asking the same thing twice or even avoid a situation such as you are mentioning.. Just a suggestion.
I would only suggest where they might go to. If it were me, I would have to go and find out for myself even if I read a suggestion on here. No offence anyone... just always better to double check I guess. Is there anywhere on here where useful websites or contacts/numbers are/can be listed for things like this? It may save people asking the same thing twice or even avoid a situation such as you are mentioning.. Just a suggestion.
HiHi just checked out the web site and you only need to notify if you hold records on any kind of computer.
I have just read one of the sponsored advert links is4profit - Free Small Business Information & Advice and on the first page this is what it says
All businesses that keep any information on living and identifiable people must comply with the Data Protection Act. The Act applies to any computerised or manual records containing personal information about people. All businesses using personal data must comply with the data protection principles - enforceable rules for handling personal information - and some will also have to register (or notify) that they use personal information.
So the best thing is to check out the websites, I must admit they are very confusing.
Gilly T
Well-Known Member
Zingara
Well-Known Member
Here is the link direct into the questionnaire (previously mentioned) provided by the infomration commissioner that if you answer yes or no honestly to the questions, will tell you if you need to notify the commissioner of your data records methods as part of complying with the DPA.
Yes, as a broad synopsis, it tells me that because I do not keep my records on a computer I do not need to register with the Information Commissioner, BUT I must still comply with the pro=inciples of Data Protection in the keeping of these records....listed in Tinybirds post.
Do I have to tell the Information Commissioner about the information my business processes? | Business Link
However, as the advice differs per business I strongly suggest that we each do our own rather than follows what applies for someone elses business!
Yes, as a broad synopsis, it tells me that because I do not keep my records on a computer I do not need to register with the Information Commissioner, BUT I must still comply with the pro=inciples of Data Protection in the keeping of these records....listed in Tinybirds post.
Do I have to tell the Information Commissioner about the information my business processes? | Business Link
However, as the advice differs per business I strongly suggest that we each do our own rather than follows what applies for someone elses business!
redsadie
Well-Known Member
Hiya
Just to say I just did this and although I will be keeping info on a computer, as long as you have consent and only use it for advertising and marketing I "do not have to notify the Information Commissioner, although it's important that your business adheres to the eight principles of the Data Protection Act 1998 and understands best practice for managing information."
Just thought I'd let you know :green:
xx
Just to say I just did this and although I will be keeping info on a computer, as long as you have consent and only use it for advertising and marketing I "do not have to notify the Information Commissioner, although it's important that your business adheres to the eight principles of the Data Protection Act 1998 and understands best practice for managing information."
Just thought I'd let you know :green:
xx
