Important changes to Data Protection Act
01/10/2007
Businesses should be aware that in October 2007 new provisions of the Data Protection Act will come into force. The Data Protection Act was introduced in March 1998 to protect personal data and gives the right to individuals to obtain personal information held by companies and organisations about themselves. When it became law however, certain transitional periods were built into its implementation to allow businesses time to change their working practices and comply with the new regulations.
Under the initial ruling, all electronically held files which fell under the Act had to be made available to interested parties within a set time frame. Older files, not digitised, were exempt.
Under the October changes however:
- Older, non- digitised files will now have to be found for end-user reference within the same 40-day time frame as the electronically held files already covered under the Act.
- Failure to supply data within this timeframe is likely to be met with a significant fine;
- Most at risk are larger organisations where file volumes are largest - public bodies, the health service, legal firms for example;
- Rulings on holding of data for set periods still apply and organisations need to be sure that there are comprehensive filing and retrieval tools in place to allow them efficient access to archived materials;
How the act will be enforced and the level of penalties for non-compliance are yet to be seen, however a review of your document management procedures and capabilities is best to avoid falling foul of this new regulation.
