The UK Data Protection Act (1998) requires any organisation that receives, transmits, stores or processes personal information to comply with the eight basic principles contained in Schedule 1 of the Act.


The essence of the eight principles can be summarised as follows:



  • Personal data shall be processed fairly and lawfully

  • Personal data shall be obtained only for lawful purposes

  • Personal data shall be adequate, relevant and not excessive

  • Personal data shall be accurate and kept up to date

  • Personal data shall not be kept longer than necessary

  • Personal data shall be processed in accordance with the rights of data subjects under this Act

  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing

  • Personal data shall not be transferred to a country or territory outside the EU except in specific instances where equivalency of safe-harbour applies

Compliance with the Data Protection Act is a legal requirement for all organisations operating in the United Kingdom which collect, store or process personally identifiable information. Ensuring ongoing compliance with the Act is therefore an essential management activity for any company or organisation which engages in the above-mentioned activities.


In addition to potential penalties that may be imposed by the courts or the Information Commissioner’s Office, most modern organisations are reliant on their brand reputation to attract and retain customers and partners in the private sector or to achieve their organisational or statutory goals in the public sector.


As such, a breach of data privacy could have far wider consequences than any sanction imposed by the Information Commissioner or any other regulatory body, and could compromise a key commercial relationship or prejudice your organisation’s ability to win and retain customers.


Achieving compliance with the Data Protection Act should begin with the selection of an expert third-party advisor and is achievable through a regime of analysis and assessment, training and awareness initiatives, organisational support and policy implementation, all of which need to be underpinned by appropriate technological, architectural and infrastructure investments.


In conjunction with the expert advisor, the next step will be to assess your organisation against the eight principles of Schedule One of the Act and determine a remediation plan that will close off any shortcomings identified in the most pragmatic and cost-efficient manner.


This is usually achieved by a process involving the following steps:



  1. Scoping of private data environment

  2. Gap analysis and assessment of current level of compliance

  3. Remediation phase to address identified gaps

  4. Re-assessment and issue of Report on Compliance

The expert advisor will also recommend how best to deal with subject data requests by data subjects whose personal data your organisation controls.


How can Sysnet Global Solutions help?
Sysnet has a team of information security consultants who are well versed in the governance, risk and compliance of personal data. Sysnet is able to provide advice on how to protect your data as well as on distributing this data in a safe and secure manner. Our consultants have strong experience in dealing with data protection issues and in how the movement and storage of data can impact your business operational tasks. Sysnet can provide consultancy advice not only on how to protect your data but also on what to do if there is a data breach and how best to contain any unfortunate events that may happen.


For further information on our Information Security Services, please contact one of our Sales representatives by calling +353 (0)1 495 1300 or by completing our Online Enquiry Form or Request a Call Back Form.