Data Protection? I wasn’t expecting the Spanish Inquisition!

Don’t you just hate companies that seem to ask you for more personal details than seem necessary?

It’s one of the things that annoys me about a certain hardware shop not too far from where I live. I’m not a trade customer, so whenever I visit it’s generally because I need a few small items such as a screwdriver, a wrench or a few nuts and bolts.

Normally it takes me only minutes to find what I need and head to the cash desk to settle up.

Then the Spanish Inquisition starts. What’s my name? My address? Is my phone number still such and such? Is my email still so and so? So far they haven’t asked for my passport or National Insurance number, but I feel it’s only a matter of time.

Whose data is it anyway?

And each time I stand there, I wonder why on earth I have to give up all this personal data for a packet of screws or an adjustable spanner. I know I can refuse to supply it, but I also know that would inevitably result in the cashier having to interrupt his manager’s tea break to have a lengthy discussion about how their point-of-sale system could actually handle such a breach of protocol.

So I cut my losses, provide my personal details and make for home with my chosen hardware.

Last week, though, there was a small queue as I took my chosen items to the cash desk. And as I watched other people handing over their details, I started to think how easy it is for companies of all sizes to fall foul of data protection laws. For sure, you only need to spend five minutes browsing the Information Commissioner’s Office website to see how it has prosecuted not only major organisations, but a whole range of smaller companies and individual employees for breaching the Data Protection Act.

Don’t get a criminal record!

If you hold personal data about clients, customers or staff on one or more computers, you need to make sure you’re not disciplined because you’ve failed to register with the Information Commissioner’s Office. It doesn’t matter whether you’re a sole trader, a member of an LLP, a director of a limited company, on the board of a PLC or even a local councillor. If you hold personal data, you almost always have an obligation to register with the ICO as a data controller and to protect the information you hold in accordance with the Data Protection Act.

If you don’t, there’s a real sting in the tail. If you don’t register, you could not only get slapped with a fine, but you could end up with a criminal record. Then if you don’t renew your registration every year, the same could happen. And that fine is an unlimited one.

(By the way, when you do renew your ICO registration, deal only with the ICO itself. There are companies out there who remind you to renew and charge a higher fee for filing your details – before pocketing the difference.)

Get registered

So if you haven’t registered with the ICO yet, you may now be itching to look out of the window and check whether the Commissioner has got your building under surveillance. It’s unlikely, but we strongly recommend you head to the ICO website to find out for certain whether you need to be registered. There’s a very useful section designed especially for SMEs, helping to work out whether you do need to register – and what your obligations are when you do.

But why are you reading about this on an accountancy website? It’s because we see ourselves as Totally Helpful Professionals. And when you get in touch with us to help with any issue, big or small, you can rest assured that you won’t be on the receiving end of the Spanish Inquisition.

Just don’t ask us where to buy a hammer or an electric drill!

(Image source: Wikipedia)

 

Join The Conversation
ICAEW
Member of the Legal Services Guild
Sign up for our Newsletter