How do I know whether the Data Protection Act applies to my business/organisation?

How do I know whether the Data Protection Act applies to my business/organisation?

In general, the Data Protection Act applies to all organisations (including individuals, such as self-employed financial advisors and accountants) which hold or use personal data (that is, information about individuals). Personal data will include information about your staff, your customers or clients or anyone else with who you have dealings in the course of your business or professional activities. Even if you simply hold membership lists for social or other clubs or charities, you also have to comply with at least some of the provisions of the DPA.
The only exception is where, as an individual, you hold personal information only for domestic reasons (eg an address book or Christmas card list) in which case the DPA does not apply at all.

One of the requirements of the DPA is that individuals and organisations that are processing personal data need to “notify” the Information Commissioner that you are doing so, and the purpose of that processing. There are exceptions to this rule where you are an organisation holding personal information only for: 

• staff administration (including payroll)
• advertising, marketing and public relations for your own business
• accounts and records (some not-for-profit organisations)

The Information Commissioner's website to find out will give further guidance on whether the Act applies to you, and whether you need to notify. Alternatively, you may call the Commissioner's Notification Helpline on 01625 545740.