Data Protection
Data protection regulation is a key business issue for most organisations, and in particular for information-intensive businesses that rely upon the capture, processing and exploitation of data and information.
This is very relevant to business coaches who gather, process and store information about their clients and potential clients.
Data Protection Legislation
In Europe, data protection is governed by the EU Data Protection Directive. It is always the organisation’s responsibility to comply with data protection laws.
In the UK, the Data Protection Act 1998 came into force in March 2000. This Act governs the processing of personal data in order to protect the rights of the individuals concerned.
It also gives a right to those individuals to access their personal data where it is held in management information systems.
The Act sets out eight data protection principles to which all UK organisations must adhere:
| PRINCIPLES | EXPLANATION OF PRINCIPLE |
| --- | --- |
| Principle 1 | Personal data shall be processed fairly and lawfully |
| Principle 2 | Personal data shall be obtained and processed only for specified and lawful purposes |
| Principle 3 | Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed, and will not be further processed in any manner incompatible with that purpose or those purposes |
| Principle 4 | Personal data shall be accurate and, where necessary, kept up to date |
| Principle 5 | Personal data processed for any purpose shall not be kept for longer than is necessary |
| Principle 6 | Personal data shall be processed in accordance with the rights of data subjects under the Act |
| Principle 7 | Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data |
| Principle 8 | Personal data shall not be transferred outside the EEA, unless that country ensures an adequate level of protection of the data subjects in relation to the processing of the data |
The Act classifies some personal information as ‘sensitive’ and there are stricter rules about this.
This is information about:
- racial or ethnic origin
- political opinions
- religious or similar beliefs
- trade union membership
- physical or mental health condition
- sexual life
- offences or alleged offences committed
- proceedings relating to those offences or alleged offences
‘Sensitive’ personal information may only be used where at least one of a narrower set of conditions for processing can be fulfilled, in addition to one of the six standard conditions for processing personal information. These narrower conditions make sure that this sensitive information is only used where there is an essential need for an organisation to use it.
Organisations usually operate a range of policies, procedures and codes of practice to manage the capture and use of data, data processing and information sharing, database management, management information systems (MIS), personal data and record management. As a business coach you should ensure that you are familiar with and abide by these documents. If you are an independent business coach, it is essential that you have and abide by clear policies and procedures in this area.