|
|
 |
|
United Kingdom:
Data Protection Act 1998
The UK Home Office is currently consulting on the implementation of the 1998 Data Protection Act (which started to come into effect on 24 October). In its second consultation paper, the Home Office discusses the requirements for ‘notification’ (which will replace ‘registration’ once the Act is in force). Pension plans that have already registered as data users with the Data Protection Registrar will not have to notify under the
new regime until the existing registration expires (or 24 October 2001, if earlier). Once a notification has been made it will no longer be necessary to re-register every three years. Instead, data users will be required to pay an annual fee and keep their notified details up-to-date.
The aim is to simplify the notification process where possible. Thus the purposes for which data will be used will be grouped into very broad categories and many applicants will be given partially-completed application forms relevant to the type of data processing they will be undertaking. ‘In due course’ it should be possible to complete the notification procedure on the internet.
The new legislation allows for different fee levels, and the consultation paper asks whether the Government should continue with a flat-rate charge, or should link the fee to the size of the organisation, the number of purposes or the amount of work the notification is likely to cause the Data Protection Commissioner (the new title for the Data Protection Registrar). While the old regime continues, the Registrar should be reminding data users that their registration is about to expire. However, if the experience of one or two plans is anything to go by, it seems this does not always happen. Pension plan administrators might wish to check that their registration is up-to-date.
|
|
|
|
|
|
Contact Us 