Data Protection Health Check
This checklist is based on UK law. It was last updated
in August 2005.
Can you date your data?
- Do you know when you collected it?
- Can you connect it to the data protection notice that you
used?
- Do you know under which
DP
Act the data were
collected?
Can you capture opt-out by medium?
- You need to be able to recall each individual's contact
preferences (e.g. direct mail, email, telephone,
SMS
)
and to relate it to the data protection notice you have used.
- Do you meet the requirements of The Privacy and Electronic
Communications Regulations to obtain each individual's
prior consent to all forms of communication other than mail?
Do you know the source of the data?
- Under data protection law you have to be able to tell anybody
who asks you where you got their data from (so far as the
information is available to you).
Can you sort good data from bad?
- Have you contaminated your records by mixing "bad" data in with
"good" data (so that your aggregate data is now unusable)?
- Can you identify "bad" data so it can be removed from otherwise
usable data?
- Have you built an audit trail of how datasets were built?
Have you got a record of those to whom you have ever disclosed
data?
- Under data protection law you must know everyone to whom data
has been disclosed.
- You also need to "seed" the data you disclose to third parties
to monitor their use by data processors. Do you operate a "seed"
management system?
Can you distinguish between the email addresses of prospects
and customers?
- You may only send direct marketing emails to
customers subject to certain conditions. In all other cases,
you must obtain the recipient's prior consent.
Contact:Louise Townsend or Rosemary Jay (Manchester, 0161 250 0100)
