Hey all,

Not sure whether this should be in Making or Creating, but it would be better in the ATs.

If you live in the UK and own a website, that's fine.
However, if you handle public logins and registrations that store emails, usernames or password or anything else (literally any data that isn't yours) it is a criminal offence to not be registered with the Data Protection Act. The fee for registration is £35 and has to be done yearly. If you handle over peoples data and are not registered with the Data Protection Act, you are committing a crime.

If you breach the Data Protection Act you can be fined up to £500,000.

When you register with the Data Protection Act, you HAVE to have a privacy policy that states EXACTLY what you do with the data and what data is stored.

Again, if not, you can can be fined up to £500,000.

Just wanted to post this in case no one knew.

That;'s only if you are a registered company.

myeducate wrote:

That;'s only if you are a registered company.

No it isn't and no it isn't.
The Data Protection Act applies to ANYONE whether they're an individual or organisation if they handle personally identifiable information of ANY KIND.

You're talking about the new GDPR regulations.

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

The GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

That's lifted from the Information Commissioner's website.

bybb wrote:

myeducate wrote:

That;'s only if you are a registered company.

No it isn't and no it isn't.
The Data Protection Act applies to ANYONE whether they're an individual or organisation if they handle personally identifiable information of ANY KIND.

This post refers to the Data Protection Act 1998. Other laws may outlaw certain activities that the 1998 Act considered legal, such as the new GDPR.

Yes, the Data Protection Act is a law that applies to everyone (even those that don't process data) – as that's how laws work, but no, not everyone has to register as a Data Controller. For example, some not-for-profit data controllers are exempt and need not register themselves with the Information Commissioner's Office; even if they process data. For example, I took ICO's self assesment quiz with these answers: https://ico.org.uk/for-organisations/register/self-assessment/y/N/Y/Yes/Yes/No/Yes – and did not need to register.

I am not a lawyer and this post is not legal advice. Check yourself whether you need to register.