Personal data
This term is very important to understand when managing mailing lists and databases. Within the UK, the Data Protection Act defines how personal data should be stored and managed. The following checklist provides guidance on how you are managing the data. You should be able to answer ‘Yes’ to all questions, although doing so does not necessarily mean you are complying with the Data Protection Act:
- Do I really need this information about an individual?
- Do I know what I’m going to use it for?
- Do the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for?
- If I’m asked to pass on personal information, would the people about whom I hold information expect me to do this?
- Am I satisfied the information is being held securely, whether it’s on paper or on computer?
- And what about my website? Is it secure?
- Is access to personal information limited to those with a strict need to know?
- Am I sure the personal information is accurate and up to date?
- Do I delete or destroy personal information as soon as I have no more need for it?
- Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
- Do I need to notify the Information Commissioner and, if so, is my notification up to date?
For more information, the data protection complete audit guide can be found here.





