The Data Protection Rules
Your legal responsibilities as a Data Controller
You have certain key responsibilities in relation to the information which you keep on computer or in a structured manual file about individuals. These may be summarised in terms of eight "Rules" which you must follow, and which are listed below. Click on the links to see more information.
- Obtain and process the information fairly
- Keep it only for one or more specified and lawful purposes
- Process it only in ways compatible with the purposes for which it was given to you initially
- Keep it safe and secure
- Keep it accurate and up-to-date
- Ensure that it is adequate, relevant and not excessive
- Retain it no longer than is necessary for the specified purpose or purposes
- Give a copy of his/her personal data to any individual, on request.
These provisions are binding on every data controller. Any failure to observe them would be a breach of the Act.
Certain data controllers are also required to register with the Data Protection Commissioner - see the registration section for more details.
To see how well, or how poorly, your business meets its data protection responsibilities, test yourself by using our self-assessment checklist. If you can answer yes to all of the questions, your business is in good shape from a data protection viewpoint. If you don't have a clean sheet, the checklist can help you identify the areas where you need to improve.
|MENU||Select Page No.|