The 1998 legislation places responsibilities on any organisation to process personal data that it holds in a fair and proper way. Failure to do so can amount to a criminal offence. The effect of the Act on how a business processes its information on workers can be difficult to understand in some areas, which is why the Code was published – to state what an employer needs to check and what action needs to be taken.
Although the Code contains guidance and is not legally binding, it contains the benchmarks that the Commissioner will use when deciding whether or not to enforce the Act. Consequently, organisations would be well advised to consider its contents very carefully.
The three other parts of the Employment Practices Data Protection Code cover recruitment and selection, monitoring at work and medical information.