n 6 May 2015, a 92 year-old charity worker from Bristol committed suicide. As part of the evidence given at her inquest it was revealed that she was receiving up to 180 requests a month for donations to other charities. 99 charities had her personal contact details (including that she was already donating to other charities), and those 99 charities gained her contact details from some 22 ‘professional data-brokers’, or other charities.
Whilst the inquest decided that the charity requests were not a cause of her death, it highlighted the ‘trade’ in personal information that happens between organisations. Whilst is not illegal to share/trade personal data, the UK Data Protection Act 1998 states that people who give their personal data to organisations must also consent to that data being shared/sold.
‘Personal data’ under the UK Data Protection Act 1998 (DPA) relates to personally identifiable information, such as a name, date of birth, physical address, email address, telephone, National Insurance or NHS number, or even an IP address.
The DPA applies to all records systems, whether manual (such as a written journal or card index) or computerised such as a Customer Relationship Management (CRM) system, which is linked to the till on the checkout when the customer is asked for their details for the guarantee, etc. However, under the DPA the personal data remain the property of the person that has given it to you (and your organisation), and at any time they can ask it to be deleted from the records system, unless there are legal, health or national security reasons for retaining it.
Personal data is a very valuable commodity that can be (and is) bought and sold by organisations (and even governments), because when freely given by the person concerned it is likely to be highly accurate and current. This therefore offers the opportunity for very highly targeted (and therefore effective) marketing – why do you think Google, Facebook and Twitter are so big?
In summary, there are eight principles in the UK DPA:
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
As part of their training, all employees handling personal data should be advised of all of these principles, their responsibilities, and also their duties regarding that data.
Like a cashier in a bank handling money on behalf of the customer, the money is not the property of the cashier, they are just trusted with it, on behalf of the customer, to make the best use of it for the customer.
Breaches of the DPA in the UK to date have resulted in a range of fines (some of which have put the relevant companies out of business), but the Information Commissioner’s Office (ICO) is starting to ‘up its game’ and are naming and shaming directors of those companies. It is only a matter of time before the liability for breach of the DPA moves down to the individual employee.
The UK is leading the way in data protection
Data protection legislation was not brought in because the UK parliament didn’t have enough to do, or because it was obliged to do it by the EU.
The UK has been the leading ‘driver’ across the world in Data Protection.
Principally because the UK has recognised that the abuses of personal information have led to, in addition to the ‘relatively mild’ acts of requesting money, identity theft and fraud, and have also helped in acts of terrorism. It is important.
An absence of Data Protection legislation, and more importantly adherence to it, affects everyone. Let’s go and paraphrase the title, “Why as an employee do you need to understand about Data Protection?” Because your next conversation with a salesperson, either face to face or online, means you are giving them, and their organisation(s) further down the line, access to all your personal details forever.
Get a FREE Course
Sign up to our newsletter and get access to the Interview Skills and CV Writing Certificate course for free!
Simply enter your details below and we will email you access to your free course!
What our students say about us...
This course is a great way to brush up on my rusty excel skills, I recommend this course to anyone looking for something to do during lockdown, it's easy to use and talks you through each stage step by step. It has given me the confidence I need to further my career.
Excellent course, well explained and easy to understand. The course can be done at my own pace and is available on various devices. The layout of the course was excellent and the notes options is very good. The content is perfect and well structured, making it easy to understand and follow. I will definitely be taking more courses in the future.
Fantastic course! Well-presented and challenging with frequent assessments. I feel a serious sense of accomplishment having not studied for over 30 years! Videos that accompany each module are carefully thought out and informative. Am so impressed with this course, have now signed up for 3 other courses and recommending New Skills Academy to everyone!
Very interesting and helpful course. I ve learned a lot of interesting things about make up and the tutorials were very helpful and easy to understand. I really reccomend this course for everyone who is passionate about make up and wish to develop their skills and make a career from their hobby.
I am a doctor. This course is well organized, covering all areas of CBT. The videos and practical tips are very helpful. All the modules are arranged with good explanations and examples. Also each module consists of quick test and assignment which enables you to gain knowledge. Finally I would like to thank the New Skills Academy team.
Dr. M. Arshad
This is a great course for any level of knowledge. Very easy to navigate, great practical tasks and explanations are very clear. You can revise any module with no problem. The test wasn’t too hard if you completed every module. It may be handy to make some notes before you start. Overall I'm very happy with my choice. Thank you New skills for my New skills :)
Omg im so excited, over joyed and all the good stuff that comes to mind! Wonderful experience doing lessons with New Skills Academy. I look foward to doing more courses with them. I hope this will encourage others to come on board and refresh your minds or to learn something new, it's a win win situation. I want to thank New Skills Academy so much for making this as simple as possible for me.
I took up this course initially to help me with my own dog, but found that as I worked through the material I actually started thinking that this could be something that I could use to make a second income. From start to finish I found the course engaging and interesting. I am now doing another dog related course and am experiencing the same level of enjoyment. I would recommend New Skills Academy without hesitation.