The Data Protection Act applies to a wide range of entities, including small businesses, volunteer organisations, strata plans, churches, clubs and associations, charities, public authorities, etc. They may come in all different sizes, and may process different types of personal information which carry different levels of risks for the privacy of the individuals whose information they hold.

This guidance is intended for entities that do not deal with sensitive types of personal information which would permit more than a superficial insight into the individuals’ characteristics, such as:

• behaviour (e.g. through profiling),
• finances,
• race or ethnicity,
• political opinions,
• religious or similar beliefs,
• trade union membership,
• genetic data,
• physical or mental health and conditions,
• medical data,
• sex life,
• proceedings for any offence, or commission or alleged commission thereof.

If your business or organisation does not hold personal information that gives more than a superficial insight into the above matters, this guidance applies to you.

If your business or organisation does hold personal information that gives meaningful insight into the above matters, you should consult our in-depth Guide for Data Controllers.

This document is intended as a quick reference tool. It provides a walkthrough of data protection act and can serve as a refresher to the in-depth guidance available on our website. There is also an easy to use checklist with which you can assess your organisation against the requirements put forward by the Data Protection Act (the DPA).

Last update: 19 April 2021

Previous Next