The Data Protection Act's first transition stage comes to an end today, which means from tomorrow companies will have to comply with provisions of the Act or face a hefty £5,000 fine.
Today's deadline demands all personal data held by a company, whether stored in digital or handwritten format, must be held securely to ensure the rights of individuals are "adequately protected".
Although many small businesses have been struggling to comply with the terms of the Act, the EC has reiterated the positive benefits of the transition. But it may be a little difficult from companies' perspectives to see just what these are.
In effect the provisions will mean that any company which holds an individual's personal information, such as credit card details and addresses, must notify the individual of what information they have. If the individual demands this information is not passed on to a third party or used for marketing purposes, then the companies must comply with these wishes.
So there are clear benefits for individuals but little benefit for companies other than the £10 fee they are able, under the terms of the Act, to charge individuals for accessing their personal information.
"Small businesses have struggled hard to meet the criteria and there has been little incentive for them to comply with the Act because they feel there's nothing in it for them," said a spokesperson at the federation of small businesses.
The commission has issued a warning to companies about a group called The Data Collection Enforcement Agency, which has been approaching companies about the Act. The DCEA is not connected to the commission in anyway and if companies are contacted by the group they should notify their local Trading Standards officers immediately.