Website Design Principles - Privacy and Data protection
Did you know that under the Data Protection Act 1998, anyone in control of personal data has a legal duty to follow the principles laid down in the Act in order to protect the data? This responsibility lies with the "data controller" (the person who determines the purposes for which and the manner in which any personal data are processed) and not the ISP (Internet Service Provider), data processor, or the website designer (where these are different people).
Certain data controllers are exempt from registration as data controllers, but this does not exempt the controller from following the principles.
The technical bit
A brief summary of the principles follows. For full guidance please read the Act itself (links to the Act and other documents can be found in our Reference section).
- Personal data shall be processed fairly and lawfully and shall not be processed unless certain conditions are met (eg. explicit consent given, legal obligation).
- Personal data shall be obtained only for particular lawful purposes, and shall not be further processed in any manner incompatible with those purposes.
- Personal data shall be adequate, relevant and not excessive.
- Personal data shall be accurate and up to date.
- Personal data shall not be kept for longer than is necessary.
- Personal data shall be processed in accordance with the rights of data subjects.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss/damage of personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country ensures an adequate level of protection for the rights of data subjects.
What does this mean to me?
- Check whether you are exempt from registration (http://www.informationcommissioner.gov.uk/eventual.aspx?id=2662)
- Only collect information that you require, and obtain consent.
- If you are gathering additional marketing information then be clear and honest about the purposes when gaining consent.
- Ensure that appropriate security is considered depending on the sensitivity of the data, for example password protection and secure website connections.
Further information
We can re-work and give advice on your existing website, or develop a new website for you. If you would like a no-obligation quote or to discuss the issues then please contact us.
fearntech
© 2001-2008 Fearntech Limited. All rights reserved.