Module Recap

Module Recap

  • All data controllers must register with the Information Commissioner’s Office (ICO) and renew the registration annually. Failure to notify is a criminal offence.
  • Where it is essential to the business arrangement to pass data on to third parties, then the request for the product or service from the data subject is considered to be permission.
  • The data subject must give permission for data to be shared for marketing purposes. There must also be an opportunity for the data subject to opt out of further marketing communications.
  • Data may be transferred within the European Economic Area as it is considered that European countries have adequate, legal data protection in place. Outside of the EEA you must ensure that this legal protection is in place.
  • In cases where the business does not register or comply with the Act, the ICO can serve information notices, serve enforcement notices, conduct audits, issue monetary penalties, prosecute and report to Parliament.
  • Failing to respond to penalties, register with the ICO or process data without authorisation can result in prosecution and a maximum fine of £500,000.