
25/10/2024
Understanding the Impact of the Data Protection Act on Your Organisation
Achieving compliance with the Data Protection Act can be a time-consuming and somewhat difficult process. To provide some direction, we have identified the top 8 indicators to evaluate your data protection compliance:
- Have you been subject to an independent Data Protection audit?
An audit recognises the risks associated with technological and organisational factors. Identifying each role player, the types of information processed, and the information life cycle should be included in this exercise.
- Have you identified the type of information you share?
Personal Data: Information relating to an identified or identifiable individual.
Sensitive Personal Data: Information revealing racial or ethnic origin, political opinion, religious beliefs, membership of a trade union, physical or mental health, sexual life, filing, personal financial information, information on commissions or alleged commissions of offences, information on proceedings for offences committed or alleged to have been committed by them, the disposal of such proceedings, or the sentence of a court in such proceedings.
- Have you identified the purpose of processing information?
Does it form part of the fulfilment of a service you are providing to the data subjects? Data controllers are required to ensure that personal data is processed fairly and lawfully, obtained with the knowledge or consent of the data subject, not kept for longer than necessary, collected for specific and legitimate purposes, and protected by reasonable security safeguards.
- Is the information securely processed, stored and shared according to the data protection compliance requirements?
Processing: data may only be processed when consent is given, when it is necessary for the performance of a contract, when there is a legal obligation to be complied with, to protect a data subject, when a public law is being performed, or in the pursuance of legitimate interests.
Storing data: data must only be stored for the time period necessary to fulfil the purpose for which it was collected, after which it must be destroyed.
Sharing: the Data Protection Act mandates that appropriate security measures must be put in place to safeguard against risks.
- Have you appointed a data protection representative?
The data protection representative has certain responsibilities within the organisation, mainly to determine the purposes and means by which personal data is to be processed, as well as to independently ensure that personal data is processed in a correct and lawful manner.
- Do you understand the concept of consent?
Data may only be processed with the consent of the data subject for the purposes for which it was obtained. The data should only be stored for as long as is necessary. A consent form should always be signed by employees, clients, any third parties involved, suppliers, etc. A data subject can at any time withdraw consent, in writing and on reasonable grounds.



