Warning: Use of undefined constant includes - assumed 'includes' (this will throw an Error in a future version of PHP) in /homepages/14/d377707900/htdocs/tvpe.com/wp-content/themes/targetpro/functions.php on line 322
Principle 8 – What Else Do I Need to Know?
Call On: 0845 5442755

Principle 8 – What Else Do I Need to Know?


In my last post we discussed the need to comply with principle 8, when sending information about people outside of the UK, but what else needs to be considered?

The other principles of the Act will also be relevant to sending information about people outside of the UK. Primarily, principle 1 and principle 7:

  • Principle 1 – “Personal data shall be processed fairly and lawfully”
  • Principle 7 – “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

In relation to the first principle you should be asking questions such as,

  1. Has the individual been informed that their information will be disclosed outside the UK?  
  2. Is there a schedule 2 (more on that later) condition for the processing?

In most instances you will find that you have already complied in this area, but it is always best practice to check, and evidence that this has been considered before taking any action – if in doubt, ask!

In practice, principle 7 compliance can be achieved using a risk based approach – what does this mean?  Typically, what is appropriate for one organisation, will not suit another.  Therefore, you carry out a risk assessment and decide what is appropriate to mitigate the risks that you have identified.  Some of the essential areas that you will need to consider are:

  1. Who, within my organisation, is responsible for information security?  
  2. What physical and technical security is in place and is it appropriate for the risks identified?  
  3. Is this backed up by robust policy and procedure?  
  4. Is there an appropriate training plan in place for all employees?  
  5. Are we ready to respond to a breach swiftly and appropriately?

REMEMBER – this principle is not just about technology, it is also about people, policies and processes.

This may seem like an extra level of work and detail that adds to your already heavy workload, but by putting the time and effort in to getting it right now, it will restrict, if not avert, any potential fine or action taken against you!  Why wait?

Yours in getting it right NOW!



Social tagging: > > > > > > >

Leave a Reply