Data Protection Act Checklist

Printer-friendly versionPrinter-friendly version

Use the following checklist to help you to comply with the Data Protection Act.

If you can answer ‘yes’ to all of the questions below then it shows that you have an understanding of the Act and that policies and procedures are in place.

This understanding does not however guarantee compliance.

  1. Do you really need the information about an individual and do you know what you are going to use it for?
  2. Do individuals know that you are holding information about them and do they understand what it will be used for?
  3. Is the information being held securely, whether it is on paper, on computer files or on a website?
  4. Is the information destroyed as soon as you have no more use for it?
  5. Is access to the information restricted to those with a legitimate need to see it?
  6. If details about any individual are to appear on a website is their consent documented beforehand?
  7. If you are using CCTV do you have notices informing people why CCTV is being used, and are the cameras sited so as not to intrude on anyone’s privacy?
  8. If you monitor staff use of email or internet, have they been informed why this is being done and what is being monitored?
  9. Have staff members been trained in their responsibilities with regards to the Act?
  10. If asked to pass on personal information, do all staff in the organisation understand the conditions under which the Act allows this to be done?
  11. Is there a written policy on data protection issues?
  12. Do you need to inform the Information Commissioner?

For more information see