What should I do about data protection?

Data protection is about protecting people, not data. People can be harmed if their data is misused or falls into the wrong hands, or if inaccurate or insufficient data is used to make decisions that affect them.

Before collecting, storing or using data for the first time always check you are complying with the Data Protection Act, which governs how data may be held and used. There is no standard policy to adopt or a fixed set of rules. You must review the requirements and explain how you are meeting them.

Preparing a data protection policy is not an ICT issue but a legal consideration that reflects the culture and practices of the whole organisation. It should be led by a senior manager, approved by trustees and reviewed regularly to reflect changes in operational activities.


Information Commissioner’s Office

Comments are closed.

Not the answer you were looking for?

Try looking in these topics...All Questions, Data Protection, Governance, Planning, Policy, Security, Trustees

Search for an answer

Produced by the Regional ICT Champions who were a Capacitybuilders funded project coordinated by NAVCA from 2008 to 2011