aDaVista Banner
Data Protecton Act 1998, Freedom of Information Act 2000 - ADAVISTA can guide you through it


Lockable Filing Cabinet

The Data Protection Act 1998 covers personal data held and used by private and public sectors alike. All businesses hold personal data about:

  • Staff
  • Customers
  • Suppliers
  • Web site visitors

CCTV Camera

Failure to comply with the legislation can attract a fine of up to £5000 for each infringement, or even a criminal record.

After your free initial “health check”, if necessary, you can be brought into line with the legislation.


NOTIIFICATION – registration with the Information Commissioner’s Office

“Notification” is effectively registration with the Information Commissioner’s Office (ICO) – the regulatory body for this legislation.  This currently has a fee of £35.00 per year.  The register entry lists the purposes for which your organisation processes data.  No Notification = £5000 fine max.  If the Notification does not accurately reflect what you do = criminal record.

INFORMATION SECURITY POLICY – to support Notification

You are asked if you are implementing an “Information Security Policy” as part of the Notification process.  It details out certain administrative procedures and responsibilities.

It is highly likely that a copy of this Policy will be requested on future occasions when renewal of the Notification comes round.

BUSINESS CONTINUITY PLAN – to support Notification

You are asked if you are implementing a “Business Continuity Plan” as part of the Notification process.

One of the fundamental “ideas” behind the Data Protection Act 1998 is the security of data.  Data are considered “protected” if all feasible security measures are in place to restore data after potential accidental loss – a Business Continuity Plan.

WEB SITE PRIVACY POLICY– tailored for your company and its processes

How many people know why it’s there? Is it just to balance the “look”? NO! Is it a legal requirement? Not exactly…a privacy statement is one demonstration of a company’s compliance with the UK Data Protection Act 1998 (DPA).  This compliance IS a legal requirement.

All companies hold personal data – beit on clients and /or staff.  Very few nowadays hold information on a purely manual basis and therefore compliance with this legislation can potentially save your company huge bills in fines and/or compensation.

So – why do you need a privacy statement?  Well, the Act requires companies /public authorities to “proactively inform” individuals when collecting data that it will be processed legally within the “purposes” (reasons) registered with the Information Commissioner (Enforcement Body for the legislation), whether it will be shared with third parties and how to request a copy.  Even if your website is information-only, you could be collecting personal data on the visitors behind the scenes.  Therefore, a privacy statement on the website has become the common format to carry out this “proactive-informing”. 

EMAIL DISCLAIMER – as this informal media attracts personal data

This relates to both the Data Protection Act 1998 (DPA) and the Privacy and Telecommunications Regulations 2000.  The DPA has 8 basic principles – No. 7 is keep data secure.  Recipients need to be aware that the Internet is not secure and that you know this!  The Regulations require a notice of what to do if you are not the intended recipient.  This is about “covering your back” in case emails go astray.


Its main focus is to allow the individual access to the information held about him / her.  It also allows the individual to control their personal information how, why it is used and by whom.

BUT ...... by ensuring compliance with the legislation and ensuring that this compliance is visible to the individual, it can also boost the confidence in your business with your customers.  Staff have more confidence in an employer if they know that the personnel systems are open.

SO.. what are the main areas of your business to consider?

A) Notification with the Information Commissioners Office...for inclusion in their online Public Register of Data Controllers a legal requirement.  BEWARE OF BOGUS AGENTS!  There are companies set up who claim to do this for you for a fee of £95.00 these companies are known to the relevant authorities.  The Information Commissioners Office charges an annual fee of £35.00 currently for Notification.  aDaVista can provide guidance through the process, or even complete the process on your behalf all that is required is your signature!

B) Compliance your administrative processes emails (not just how you store them , but also the language used therein); websites (consider a privacy statement be careful of copyright!); internet usuage; CCTV; filing in general; security of data.

aDaVista  can take all this on board for you, keeping you informed at all stages, BUT leaving you to concentrate on the day-to-day running of your business.

Add To Favourites

(More on FAQ page)

Q: Do I need to register a Notification with the Information Commissioners Office?

A: Regardless of how data are processed, compliance with the Act is a legal requirement. However, if you only hold data in a manual format, or electronically for three very specific reasons, then Notification may not be required. Best thing to be sure is check it out with a 'specialist'.


Q: What is the Freedom of Information Act 2000?

A: A piece of legislation permitting access to information held by public authorities - came into force 1st January 2005.

Valid CSS! Valid XHTML 1.0


TERMS & CONDITIONSblack spacer image | black spacer imagePRIVACY & COOKIES