Is your organization registered with the regulator? Does your organization have to register?
Case Study One
A landlord earned income from his properties. All personal details of his clients were held electronically. Should he register? Yes, the Data Protection Act requires all businesses to register unless it is exempt.
K8, carried out a health check, and based on the size of the ‘business’ we advised on the fee that was due to the ICO, assisted with the completion of the form and made arrangements for future renewal reminders to be received. The landlord is now on the right side of the Data Protection law and ‘trading’ merrily!
But what happens if an organization that is not covered by an exemption does not register.
Under the Data Protection Act it is a criminal offence with a penalty of up to £5,000 in the Magistrates Court, and a potentially unlimited fine in the Crown Court.
Case Study Two
A care home had received a request from a relative for images captured by the organizations CCTV cameras. These were sited at various locations, to include the residents’ day and dining rooms, nurses station and corridors. Although the organization was registered with the regulator’s office they were unsure on the process of handling such a request.
K8, was asked to assist and through the initial consultation, it also identified other gaps which needed attention. Within a few days, the organization was able to boast of a whole suite of policies and procedures, the request had been successfully processed, relevant signage to inform residents and visitors of the use of CCTV was in place and data protection awareness among staff had been raised through a training session. K8 now carry out regular audits for the organization to ensure it remains compliant.