Any business operating in Northern Ireland and holding information from which living individuals can be identified will be subject to data protection legislation. This legislation regulates the collection, processing and disposal of personal data, and sets a higher standard of protection of sensitive personal data (for example, medical information).
Some of the key obligations under data protection legislation include:
Notifying customers, users of your website and others as to how you will obtain, record, hold, use, disclose and erase their personal data.
Drawing Up Employee Data Protection Policies
Providing the requisite information to employees through employee handbooks or employment contracts or a combination of both.
Register with the Information Commissioner’s Office or ICO
Unless you are exempt, all data controllers are currently required to register with the ICO via https://ico.org.uk/for-organisations/register/self-assessment/
Breach of data protection legislation may lead to a significant fine and adverse publicity.