Data Protection Act 1998

Here's a full index of our Data Protection Act 1998 guidance for organisations

Anonymisation

• Anonymisation code of practice

Audits

• Assessment notices code of practice
• Guide to ICO PECR audits
• Guide to ICO advisory visits

Big Data

• Big data, artificial intelligence, machine learning and data protection

Binding Corporate Rules

• Binding Corporate Rules 

CCTV

• CCTV code of practice
• CCTV in pubs – FAQs
• ICO view on CCTV in pubs

Credit and finance

• Credit agreements – data sharing

Crime mapping

• Crime mapping advice

Data processing

• Data controllers and data processors: what the difference is and what the governance implications are

Data sharing

• Data sharing checklists
• Data sharing checklists Welsh
• Data sharing code of practice

Deletion

• Deleting personal data

Data Protection - general 

• Taking a positive approach to information rights
• Training checklist for small and medium sized organisations

Education

• Publication of examination results by school
• Taking photos in schools

Employment

• Employment practices code
• Employment practices code – a quick guide
• Employment practices code – supplementary guidance

Encryption

• Encryption 

Exemptions

• Using the crime and taxation exemptions
• Social networking and online forums – when does the DPA apply?
• Regulatory activity exemption

Identity scanning

• Use of ID scanning devices in pubs and clubs

International transfer

• Assessing adequacy for international data transfers
• Binding Corporate Rules
• Data transfers to the US and the Privacy Shield

Marketing

• Direct marketing
• Direct marketing checklist – ideal for small businesses
• Companies receiving unwanted marketing
• Guidance on political campaigning

The media

• Data protection and journalism: a guide for the media
• Data protection and journalism: a quick guide

MPs and elected officials

• Advice for elected and prospective councillors
• Disclosure of personal information by local authorities to councillors
• Constituency casework of Members of Parliament and the processing of sensitive personal data
• Guidance on political campaigning

Online and computing

• Bring your own device (BYOD) guidance
• Cloud computing
• IT asset disposal
• Personal information online code of practice
• Privacy in mobile apps: guidance for app developers
• Social networking and online forums – when does the DPA apply?
• Wi-Fi location analytics

Relevant filing system

• FAQs and answers about relevant filing systems

RFID

• Radio frequency identification

Security

• A practical guide to IT security: ideal for the small business
• A practical guide to IT security: ideal for the small business (Welsh)
• Encryption
• Notification of privacy and electronic communications security breaches

Subject access

• Access to information held in complaint files
• Enforced subject access (section 56)
• How to disclose information safely – removing personal data from information requests and datasets
• Regulatory activity exemption
• Subject access: code of practice
• Subject access: code of practice (Welsh)
• Subject access: responding to a request checklist

 Privacy and Electronic Communications Regulations 2003

• The Guide to Privacy and electronic communications
• Advice on the new cookies Regulations
• Notification of privacy and electronic communications security breaches
• Direct marketing
• Direct marketing checklist – ideal for small businesses
• Companies receiving unwanted marketing
• Guidance on political campaigning