This checklist is based on UK law. It was last updated in February 2008.
Can you date your data?
Do you know when you collected it?
Can you connect it to the data protection notice that you used?
Do you know under which DP Act the data were collected?
Can you capture opt-out by medium?
You need to be able to recall each individual's contact preferences (e.g. direct mail, email, telephone, SMS ) and to relate it to the data protection notice you have used.
Do you meet the requirements of The Privacy and Electronic Communications Regulations to obtain each individual's prior consent to all forms of communication other than mail?
Do you know the source of the data?
Under data protection law you have to be able to tell anybody who asks you where you got their data from (so far as the information is available to you).
Can you sort good data from bad?
Have you contaminated your records by mixing "bad" data in with "good" data (so that your aggregate data is now unusable)?
Can you identify "bad" data so it can be removed from otherwise usable data?
Have you built an audit trail of how datasets were built?
Have you got a record of those to whom you have ever disclosed data?
Under data protection law you must know everyone to whom data has been disclosed.
You also need to "seed" the data you disclose to third parties to monitor their use by data processors. Do you operate a "seed" management system?
Can you distinguish between the email addresses of prospects and customers?
You may only send direct marketing emails to customers subject to certain conditions. In all other cases, you must obtain the recipient's prior consent.
Operators of financial markets infrastructure (FMIs), such as payment systems, have been advised to anticipate – and undertake robust testing around – “extreme but plausible” scenarios that could cause disruption to services, ahead of new rules on operational resilience taking effect in the UK next year.
The UK government will seek to “fine-tune” its national security investment screening regime to stay ahead of potential national security threats following a recent consultation outcome and in light of recent geopolitical developments, it has announced.
Businesses should expect the UK’s Information Commissioner’s Office (ICO) to undertake more ‘own initiative’ investigations into compliance with UK ‘cookie laws’ in the months and years ahead, an expert in data protection and privacy law has said.
We use cookies that are essential for our site to work. To improve our site, we would like to use additional cookies to help us understand how visitors use it, measure traffic to our site from social media platforms and to personalise your experience. Some of the cookies that we use are provided by third parties. To accept all cookies click ‘accept all’. To reject all optional cookies click ‘reject all’. To choose which optional cookies to allow click ‘cookie settings’. This tool uses a cookie to remember your choices.
Please visit our cookie policy for more information.
We are processing your request. \n Thank you for your patience.An error occurred. This could be due to inactivity on the page - please try again.