At Work: Law and Governance - Keep it legal Data protection

In 1995 the European Union introduced a directive aimed at harmonising the different data protection laws throughout Europe and protecting the fundamental rights and freedoms of individuals, including their right to privacy. The Data Protection Act 1998 came into force on 1 March 2000 and implemented the directive into UK law.

Charities that, for example, process personal data through fundraising campaigns are subject to the act like any other organisation, and must comply with the data protection principles set out in it when processing that data.

Charities and their trustees need to take compliance with these principles seriously, because a failure to do so could result in enforcement action being taken against them by the Information Commissioner's Office, the public body responsible for the protection of information. And a civil action could be brought about by anyone whose data was used.

Failure to comply could also result in charities being prevented from using any personal data that was processed in contravention of the act.

The act sets out the following eight principles to which charities controlling data must adhere when processing personal data: personal data must be processed fairly and lawfully; it should be obtained only for specified and lawful purposes and should not be processed in any manner incompatible with such purposes; personal data should be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed; personal data should be accurate and, when necessary, kept up to date; personal data should not be kept for longer than is necessary for the purpose it is processed; personal data should be processed in accordance with the rights of data subjects; appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data; and personal data should not be transferred to a country or territory outside the European Economic Area unless the country or territory involved ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Ros Harwood is a partner and head of charities at Dickinson Dees solicitors.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus