Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Data protection officers can ensure compliance

by Personnel Today 18 Feb 2003
by Personnel Today 18 Feb 2003

Appointing a Data Protection Officer should ensure employment practices are
in line with the Data Protection Act, and that audits are performed to identify
weak areas

It’s the job you love to hate. Data protection compliance is laborious and,
rather like domestic chores, the consequences can be unsavoury if you let it
slide. But don’t despair. A data protection officer (DPO) is the office
equivalent of Mr Muscle, and potentially, the answer to all your problems.

Why you really need a DPO

Although there is no express requirement under the Data Protection Act 1998
to appoint a DPO, you should seriously consider doing so. Appointing a DPO
ensures a co-ordinated approach to a compliance area rife with pitfalls.

In addition, the new Employment Practices Data Protection Code recommends
that organisations should "establish a person within the organisation
responsible for ensuring employment practices and procedures comply with the
Act and for ensuring they continue to do so".

Although the code is not enforceable, it provides the benchmarks set by the
Information Commissioner to assist employers with data compliance.

Who draws the short straw?

In small businesses, data protection compliance is likely to lie with the
business owner. In larger ones, responsibility should be allocated to a senior
HR manager or someone in a comparable position. The DPO should be sufficiently
senior to enforce a uniform approach to compliance.

The main tasks of a DPO

A DPO needs to be familiar with the Act and associated codes of practice.
Keeping up-to-date with any changes to the law is a must. But the Act goes
further than most other legislation – compliance is based on adherence to a set
of broadly drafted principles.

Having grasped the legislation, the DPO needs to audit the personal data
held in his firm – recording different types of data, how it is held and
processed, and so forth. This will reveal where work needs to be done.

Next, the DPO must eliminate areas of non-compliance identified through the
audit. Key considerations should include:

– Checking the processing of personal and sensitive data satisfies the
conditions in the Act

– Informing workers and customers of your firm’s role as a ‘data controller’
and the purpose of processing their data

– Eliminating unnecessary data processing

– Ensuring data is only processed for the purposes for which it was obtained

– Monitoring retention periods so that data is kept for no longer than
necessary

– Making sure the data security is appropriate for the sensitivity of the
data

– Checking that data transfers outside the European Economic Act satisfy the
relevant conditions in the Act

– Establishing appropriate contractual arrangements with third-party data
processors

– Co-ordinating subject access requests and other queries relating to data
subject rights

– Monitoring and, where necessary, updating the organisation’s current
notification of processing particulars held by the Information Commissioner

The DPO needs to maintain a consistent level of compliance.

An education and training programme can be invaluable for briefing
departmental heads and line managers, as well as workers about their respective
obligations under the Act.

All employees should be made aware that infringing data protection
procedures is a disciplinary offence.

A final word of caution – you can’t pass the buck. Liability under the Act
will normally rest with the employer.

By Mark Mansell, Head of employment law group, Allen & Overy

Avatar
Personnel Today

previous post
Peugeot staff agree another strike over pay
next post
Union outrage as TV giant threatens jobs

You may also like

Grants scheme set up to support women’s health...

16 May 2022

How music can help to ease anxiety at...

9 May 2022

OH will be key to navigating ‘second pandemic’...

14 Apr 2022

OH urged to be aware of abortion consultations...

8 Apr 2022

How coached eCBT is returning the workplace to...

8 Apr 2022

Why now is the time to plug the...

7 Apr 2022

Two-thirds of shift workers feel health affected by...

18 Mar 2022

TUC warns of April Covid risk assessment ‘confusion’

14 Mar 2022

Consultation on new NHS cancer standards, as waits...

11 Mar 2022

Pandemic pivot to home working fuelled mental ill...

11 Mar 2022
  • Apprenticeships are the solution to your recruitment problems PROMOTED | Apprenticeships have the pulling power...Read more
  • What it really means to be mentally fit PROMOTED | What is mental fitness...Read more
  • How music can help to ease anxiety at work PROMOTED | A lot has happened since March 2020, hasn’t it?...Read more
  • Why now is the time to plug the unhealthy gap PROMOTED | We’ve all heard the term ‘health is wealth’...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2022

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2022 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+