Data Protection health check

Out-Law Guide | 30 Mar 2005 | 3:18 pm

This checklist is based on UK law. It was last updated in February 2008.

Can you date your data?

  • Do you know when you collected it?
  • Can you connect it to the data protection notice that you used?
  • Do you know under which DP Act the data were collected?

Can you capture opt-out by medium?

  • You need to be able to recall each individual's contact preferences (e.g. direct mail, email, telephone, SMS) and to relate them to the data protection notice you have used.
  • Do you meet the requirements of The Privacy and Electronic Communications Regulations to obtain each individual's prior consent to all forms of communication other than mail?

Do you know the source of the data?

  • Under data protection law you have to be able to tell anybody who asks you where you got their data from (so far as the information is available to you).

Can you sort good data from bad?

  • Have you contaminated your records by mixing "bad" data in with "good" data (so that your aggregate data is now unusable)?
  • Can you identify "bad" data so it can be removed from otherwise usable data?
  • Have you built an audit trail of how datasets were built?

Have you got a record of those to whom you have ever disclosed data?

  • Under data protection law you must know everyone to whom data has been disclosed.
  • You also need to "seed" the data you disclose to third parties to monitor their use by data processors. Do you operate a "seed" management system?

Can you distinguish between the email addresses of prospects and customers?

  • You may only send direct marketing emails to customers subject to certain conditions. In all other cases, you must obtain the recipient's prior consent.
