Data protection

Data Protection Act 1998 and the Information Commissioner


Link to Data Protection Act 1998:
http://www.hmso.gov.uk/acts/acts1998/19980029.htm

Collecting and using personal data is regulated by the Data Protection Act 1998. If you collect any private data from web site visitors, you should notify the Information Commissioner. Notification costs £35.00 per year and can be done online at www.informationcommissioner.gov.uk.

Data protection notices

Your web site must include a data protection notice wherever a visitor is asked to submit personal data. This is not the same as a ‘privacy policy’, which is generally available throughout the site.

The notice must be correct, or you may be liable to legal action and even lose access to all the data collected. It should include:

  • who is collecting the data
  • what kind of personal data is collected, and how, when and why
  • what the data will be used for and how long it will be kept
  • who the data will be shared with
  • whether the data will be sent outside the UK or European Union
  • how people can correct, update or delete the data about themselves

Displaying the data protection notice
You must display the data protection notice at the point that the data is collected, above the form button. It is not enough to have a link to your privacy, terms or data protection policy.

Here is an example of the correct positioning of the notice, before the Submit button:

Example of a correctly displayed Data Protection policy

Privacy policy
Although UK law does not demand a privacy policy, it is useful for reassuring your users. It should be accessible from every page of the web site, usually from a link in the page footer.

Cookies
A cookie is a very small text file that a web server places on the hard drive of a visitor to a web site. It is like an identification card, and tells the web site when that visitor has returned.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 affect the use of cookies in web sites. To comply, you should:

  • tell users about your cookies and how the information they gather is used
  • give users the right to refuse cookies

You should include a ‘cookie policy’ in your data protection or privacy policy, telling users about the cookies that you use in the site.

A link to www.aboutcookies.org will explain to users how they can disable cookies in all major browsers.

Link to Privacy and Electronic Communications (EC Directive) Regulations 2003:
http://www.hmso.gov.uk/si/si2003/20032426.htm
