Many new or small businesses have information about customers or staff that they should be storing in a way that complies with the Act. Failure to do so can lead to a fine and loss of your good name with customers and suppliers.
What information is covered?
The Act covers personal information about:
living individuals;
named people;
people you may not have named but who would be identifiable from the information you hold about them, for example, their email address.
'Personal information' includes names, addresses, bank details, National Insurance numbers and opinions expressed about that person.
Under the Act organisations must follow eight principles. Personal information must be:
processed fairly and lawfully;
processed for one or more specified and lawful purposes;
adequate, relevant and not excessive;
accurate;
kept for no longer than is necessary;
processed in line with individuals' rights;
kept secure;
not transferred outside the European Economic Area (the European Union plus Norway, Iceland and Liechtenstein) unless there is adequate protection.
Using information
The best way to ensure that you are using personal information in the right way is to have the individual's permission.
It's safest to have this in writing and to make it part of your office system. Save time and money, for example, by including a data protection policy on the reverse of a job application form or in a job contract.
Generally, you can't pass on information to another organisation unless you've told the individual you were going to do this.
Exceptions include, for example, if the police ask for information and telling the individual would prejudice a court case.
There are very strict rules about using personal information from the following categories and you should consult the Act before doing so:
racial or ethnic origin
political opinions
religious or similar beliefs
trade union membership
physical or mental health
sex life
offences or alleged offences committed
proceedings relating to those offences or alleged offences
The DPA also covers information gathered from monitoring staff. Monitoring without staff's knowledge, for example using a hidden camera, is rarely justifiable and might contravene human rights. As Brian McLelland, Managing Director of Business Lawyers Ltd., says, "The law does not like covert surveillance."
Appoint a data controller
It's sensible to give one person the duty of ensuring that you comply with the DPA and other legislation such as the Freedom of Information Act 2000. It's their job to tell staff how to handle and store data safely.
Information should be safe from theft, fire or flood and, ideally, protected by an alarm. Electronic data should be properly backed up and not available for visitors to read.
Include a privacy statement on your website and be open about the use of 'cookies', which track the movement of visitors to your site. Tell users how and why you are using cookies and give them the chance to opt out.
Check whether your business should notify the Information Commissioner's Office (ICO) about how you process information. The Government's businesslink website has an interactive tool that can help.
Access to information
Individuals have the right to:
ask you what information is being processed and why, and who it may be disclosed to;
receive a copy of personal information;
know its source;
correct any inaccurate details;
stop their details being used in direct marketing;
claim compensation if the DPA is breached;
(in most cases) stop decisions about them being made solely by a computer programme.
A business has 40 days to answer a request and can charge up to £10. The information must be easily understood - any office codes, for example, must be explained.
Complying with the DPA takes time but makes good business sense. It can help you target your customers effectively and ensure that you don't upset existing customers by being careless with personal details.
Businesslink: http://www.businesslink.gov.uk
Information Commissioner's Office: http://www.ico.gov.uk
Department for Constitutional Affairs: http://www.dca.gov.uk/ccpd/infcom.htm
Business Lawyers: http://www.business-lawyers.org