Brian Miller Solicitor's Data Protection & Privacy Blog

With the coming into force of EU data protection legislation and the rising reputational and regulatory risks from data breaches, please see below a data compliance checklist, which we hope your organisation or business will find useful.  NOTIFICATION Business registered with the Information Commissioner’s Office? If registered, is entry up to date/relevant/wide enough to cover future uses? COMPLIANCE WITH DATA PROTECTION PRINCIPLES What personal information is held and why Is the information collected necessary for the purposes for which it is held? How is accuracy of personal information checked? How is information kept up to date? How long is information held? Where is information held? If on servers, where are servers based? Is the information secure? What staff have access to the information and why? Is the information disclosed to any third parties? What details are provided when information is collected? POLICIES Have staff been trained i

The use of cloud computing is on an exponential rise, as it offers users almost unlimited storage of data, reduces the need for organisations to have physical servers and allows easy access to information from anywhere in the world. As such, many UK based organisations are now turning to cloud computing to satisfy their data storage needs. But there is one issue which seeks to bring grey clouds over an otherwise silver lining and that is data security . By using the cloud instead of a physical storage device, organisations are obliged to hand over data to a third party cloud provider, some or all of which might be personal data within the meaning of the Data Protection Act. An organisation must therefore be sure, before it enters into a contract with a cloud provider, that its information will be kept securely and the provider’s handling of data will be compliant with the Act and any other applicable laws. Before you embark upon acquiring a business which uses cloud computing o