This code of practice explains the rights of individuals to access their personal data. It also clarifies what you must do in this regard to comply with your duties as a data controller. These rights and duties are set out in sections 7–9A of the Data Protection Act 1998 (DPA) and are often referred to […]
This guidance will explain the difference between a data controller and a data processor, what their roles and responsibilities are and the governance issues that have to be addressed to ensure data protection compliance. Please note: The following information has not been updated since the Data Protection Act 2018 became law. Although there may be […]
This guidance explains what organisations, and individuals who process personal data for purposes such as running a business, need to consider when they run, contribute to, or download personal data from online forums such as social networking sites, message boards, or blogs.
This guidance explains what organisations need to do to make sure they comply with the DPA when they archive or delete personal data. Please note: The following information has not been updated since the Data Protection Act 2018 became law. Although there may be some subtle differences between the guidance in this document and guidance reflecting the […]
This self assessment toolkit has been created with small organisations in mind. It will be most helpful to small to medium sized organisations from the private, public and third sectors.
This guidance explains the DPA and PECR rules on direct marketing – with a focus on calls and texts to individuals – and how this affects lead generation and the use of marketing lists. It will help responsible organisations to keep within the law and maintain a good reputation with customers, and sets out what […]