This checklist will help you to comply with the Data Protection Act. Being able to answer ‘yes’ to every question does not guarantee compliance, and you may need more advice in particular areas, but it should mean that you are heading in the right direction.
- Do I really need this information about an individual?
- Is this information all accurate and up to date?
- Do I know what I’m going to use it for?
- Do the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for?
- If I’m asked to pass on personal information, would the people about whom I hold information expect me to do this?
- Am I satisfied that the information is being held securely, whether it’s on paper or on the computer? And what about my website? Is it secure?
- Do I have consent for all sensitive personal data that I hold?
- If I am transferring data outside of the EEA (ie the European Union plus Norway, Iceland and Liechtenstein), have I either ensured adequate protection or obtained consent from the data subject?