Figure 3.2 suggests some of the issues that should be considered when a data subject is
informed of how the data will be used. Important issues are:
Whether future communications will be sent to the individual (explicit consent is
required for this in online channels; this is clarified by the related Privacy and
Electronic Communications Regulation Act which is referred to below);
Whether the data will be passed on to third parties (again explicit consent is required);
How long the data will be kept.3 Adequate, relevant and not excessive
In full:Personal data shall be adequate, relevant and not excessive in relation to the purpose or
purposes for which they are processed.This specifies that the minimum necessary amount of data is requested for processing.
There is difficulty in reconciling this provision between the needs of the individual and
the needs of the company. The more details that an organisation has about a customer,
then the better they can understand that customer and so develop products and market-
ing communications specific to that customer which they are more likely to respond to.4 Accurate
In full:Personal data shall be accurate and, where necessary, kept up to date.It is clearly also in the interest of an organisation in an ongoing relationship with a
partner that the data be kept accurate and up-to-date. The guidelines on the Act suggest
that additional steps should be taken to check data are accurate, in case they are in error,
for example due to mis-keying by the data subject or the organisation or for some otherCHAPTER 3· THE INTERNET MACRO-ENVIRONMENT
Figure 3.2Information flows that need to be understood for compliance with data
protection legislationDo I understand?- the purpose
- likely consequences
- future use
...of my given data
‘Data subject’
i.e. Prospect
or Customer‘Data controller’
Individual in organisation
responsible for
personal data
1 Obtain ‘personal data’2 Store ‘personal data’3 Disseminate and use
‘personal data’4 Modify and
delete data