Any business operating in Northern Ireland and holding information from which living individuals can be identified will be subject to data protection legislation. This legislation regulates the collection, processing and disposal of personal data, and sets a higher standard of protection of sensitive personal data (for example, medical information).
Some of the key obligations under data protection legislation include:
Notifying customers, users of your website and others as to how you will obtain, record, hold, use, disclose and erase their personal data.
Drawing Up Employee Data Protection Policies
Providing the requisite information to employees through employee handbooks or employment contracts or a combination of both.
Pay a processing fee to the Information Commissioner’s Office or ICO
Unless you are exempt, all persons processing personal data need to pay a fee to the ICO. You can find out whether you are exempt by completing the ICO’s self-assessment checklist here https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
Breaches of data protection legislation may lead to a significant fine and adverse publicity.