The Data Protection Acts of 1998 and 2003 mean everyone who is processing personal information needs to register with the Information Commissioners Office (ICO). A good Virtual Assistant can set herself apart from the competition by, not only having indemnity insurance, but also being registered for Data Protection. This gives clients peace of mind, as well as a commitment to how professional you are.
Do I need to register?
Whether you collect personal information in a computerised or manual way, you need to be registered, unless you are exempt (see below). You can see if you need to comply by taking their simple test: http://www.ico.org.uk/for_organisations/data_protection/registration/self-assessment
If you wish, you can also voluntarily register for Data Protection, to provide extra peace of mind to your clients.
Registration costs £35 a year.
Who is exempt?
If you only obtain personal data for core business purposes, you are exempt. This includes
- Data related to staff administration.
- Advertising and marketing your own services and products.
- Promoting them through PR.
- Keeping accounts and records.
If you hold the data for any other reason, you must comply.
How to register
If you’re a sole trader, you need to register in your full name – there is a section to register your trading name further in the process. You also need to register your address, plus an outline of what information you hold and how you use it.
This information goes on a public register, of which anyone can see and can request a copy of the data you hold on them.
If you are exempt, you still need to beware
Whether you have to comply or not, you still need to observe the data protection principles:
- Identify the minimum amount of information needed for the purposes.
- Collected for a specific lawful purpose only.
- Extra restrictions need to be in place for the use of sensitive data (such as ethnicity, religious and political views etc.).
- Each person needs to be properly informed as to what you are going to do with that information. This includes letting them know who you are, what information you hold and why, as well as whether you’ll pass it onto third parties.
- The information must be accurate and up to date.
- You must keep it secure and not pass over to anyone.
- All information must be deleted as soon as you have no reason to keep it.
- All information must be stored securely.
If you’re in any doubt about whether you need to register or not, please check out the ICO’s website, as they provide comprehensive information for organisations and sole traders: https://ico.org.uk/for-organisations/