11 replies to this topic

[divrom]

Have any other folk from the UK looked into the Data Protection Act 1988?

I'm setting up a store for someone who wants me to be able to provide proof that they are okay to record customer info (even though the banking details will be stored with Paypal not them).

Does you have any experience with this?

[mj_superfly]

Hi Graham

Your client will need to register as a data holder, I think it costs about £35 a year.

Should be able to find more information at Business Link

here.

Steve

[Burge]

I think that if you collect your data normally, ie from sales through your web site, and purchases from suppliers, and only use this data for the purposes of accounts and record keeping, then you do not need to register.

Its not obvious from the guide on the site, but well worth reading a little deeper.

[radders]

I think that if you keep data on customers then you must register. One of the standard templates is that of a retail store.

Edited by radders, 10 May 2006, 18:43.

[crash3903]

Burge, on May 10 2006, 08:53 AM, said:

I think that if you collect your data normally, ie from sales through your web site, and purchases from suppliers, and only use this data for the purposes of accounts and record keeping, then you do not need to register.

Its not obvious from the guide on the site, but well worth reading a little deeper.

This is the right answer - If you however start to disclose that data or use it for marketing (This is open to discussion) then you cross the line - if it is purely as stated above then there is no need to register

My view and probably wrong

regards

[radders]

Also if you are hosted on an American server you must register.

[jon_l]

My understanding is that an internet shop doesn't have to register.

This is from the official website and is one of the exemptions from having to register:

Quote

Data controllers who only process personal data for any one or all of the following purposes for their own business.

* staff administration
* advertising, marketing and public relations
* accounts and records

I couldn't see anything to suggest that the location of the server makes any difference.

If you were passing any of the information to another business you would have to register. Otherwise, I can't think of anything in osC which would cause the need to register. Though you can always register anyway if you want, but that can open a can of worms.

Jon.

Edited by jon_l, 12 May 2006, 14:14.

[AberdeenJetMan]

Having done a lot of stuff on the DPA at school and college there are certian circumstances that you do not have to register with the information commisioner with such as those outlinrd above.

However you must still abide by the rules of the DPA. Such as

• Keep Data Secure
  
• Only Use For Purpose Specified
  
• Keep Accurate

[radders]

Exactly. You have to keep the data secure. Therefore the information should not be tranmitted out of the EC. There is an exception for certain hosts in certain countries abroad provided they maintain equivalent levels of data protection. I haven't come across any foreign hosts that advertise such a feature.

[mj_superfly]

To be honest, if you have your customer details and aren't using them to market your products or services, then I wouldn't bother registering for Data Protection anyway - you won't be trading long!!

[trogette]

Depends on your trade, I've had 1 customer who's specifically requested to *not* be contacted in any way at all and wanted this assurance before ordering from me.

Most of my marketing is through forums, not direct email.

[seb1188]

It's really all quite simple. I don't know why people make such a fuss.


As long as your not doing anything abnormal, you don't need to register.

You must keep all the data safe (as best you can), only ask what you need to know, and offer them a way to change/delete the information.


If you can't quite keep to the standard rules, you can deviate a little with the express permission of your customers.


That's about the jist of it.