Do I need to register for the data protection act?

Hi guys,

I've been creating IT policies for a new LTD company and I'm stuck on the data protection act. Myself and a friend run an online store. We get to see personal information like names, addresses and emails as it's required for them to make an order. Does this mean we have to register or are we exempt as it's very basic and essential information?

I don't save personal data on my PC, but I manage it through the internet/email etc.

Any help with this matter is much appreciated.

P.S. I did a Google & OcUK search before this post and couldn't find the answer.
 
You might want to check your data policies with your online card provider.

I use Streamline (now part of Worldpay I think) and had a letter through a few months back saying about new security procedures and certifying that we conformed to certain standards in regards to data protection etc.

It was an absolute load of waffle but we had to jump through the hoops otherwise we wouldn't have a leg to stand on if a fraudulent transaction went through, we would have to take the hit.

Blooming certificate has to be done each year and will cost us £30 as well, it's a complete scam but an official one unfortunately. :(
 
Thanks for the heads up. We use Google Checkout so we don't need PCI. We have an SSL for the site for whenever personal info is stored.
 
You might want to check your data policies with your online card provider.

I use Streamline (now part of Worldpay I think) and had a letter through a few months back saying about new security procedures and certifying that we conformed to certain standards in regards to data protection etc.

It was an absolute load of waffle but we had to jump through the hoops otherwise we wouldn't have a leg to stand on if a fraudulent transaction went through, we would have to take the hit.

Blooming certificate has to be done each year and will cost us £30 as well, it's a complete scam but an official one unfortunately. :(

That is PCI-DSS certification and nothing to do with the Data Protection Act. Streamline have actually been ranting on about PCI compliance for a long time (years now) but there are still ways around it as the Trustwave system doesn't actually validate the "yes I'm compliant" answer, so you can tell them you are and not be ;)
 
Whatever you do, stay away from PCI compliance if you can. I've had them tell me my network is not compliant due to flaws in 3 different applications which are not installed anywhere inside the company. After telling them this, they quickly remove it from the results and I'm compliant again. Aren't these guys supposed to be top of the game? Every quarter I have to get in touch to tell them something they found is wrong.
 