Information, together with the processes and systems that create, store, use and dispose of it, is an important asset to any business.
The need to be able to locate and retrieve your business information is essential for your efficient operation, as is the need to safeguard information, particularly the data that is personal to an individual.
Supporting these principles is a range of legislation, regulation and standards. Here, we give a summary of the key ones that are likely to apply to your business.
Data Protection Act
The Data Protection Act 1998, with which compliance is mandatory, is a framework of rights and duties designed to safeguard personal data, balancing the need of organisations to collect and use personal data against the right of individuals to keep their details private.
Freedom of Information Act
The Freedom of Information Act 2000 provides public access to information held by public authorities, which include government departments, local authorities, the NHS, state schools, colleges and universities, and police forces. It covers all recorded information, including printed documents, computer files, emails, photographs and audio or video recordings.
Financial Services and Markets Act
Under the Financial Services and Markets Act 2000, the Financial Services Authority (FSA) lays down strict requirements to protect the consumer against malpractice. The Act requires all financial institutions to retain all business emails sent and received for up to six years, with some emails to be retained indefinitely so that cases can be reviewed.
Waste Electrical and Electronic Equipment Directive (WEEE)
This is the EU directive regulating the management of electrical and electronic waste. The equipment producer is usually responsible for the cost of treatment and recycling, although business users sometimes have to pay. Businesses must use a registered waste carrier and keep a transfer note when equipment leaves their premises.
Payment Card Industry (PCI) Data Security Standard (DSS)
The PCI DSS applies to all entities that store, process and/or transmit cardholder data. It covers technical and operational requirements concerning the handling of cardholder data. If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.
ISO 9000 and ISO 9001 Quality Management System
The ISO 9000 standard deals with the fundamentals of quality management systems, including the eight management principles on which the family of standards is based. ISO 9001 sets out the requirements that organisations wishing to meet the standard have to fulfil. A cornerstone of the standards is the control of documents.
ISO 15489 Records Management
The ISO 15489 standard concerns records management and covers the efficient and systematic control of the creation, receipt, maintenance, use and disposal of records, including the processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.
Contact us if you would like to know more about how our IT solutions can help you comply with UK data legislation and regulations.