Compliance Requirements

Data protection


Data Protection

If you handle personal information about individuals, you have a legal obligation to protect that information under the Data Protection Act 2018.

In order to deliver an effective relocation service, your business probably collects and uses a great deal of personal information relating to your customers and their families.  You will hold full contact information.  You may also hold their dates of birth, their children’s names and sometimes, their medical history.  UK law refers to this type of information as "personal data" and imposes stringent legal obligations on all businesses which handle such data.

Compliance with data protection law has been high on the agenda of most businesses, across all industry sectors, since the introduction, in 2018, of the EU's General Data Protection Regulation (GDPR).  Although the UK is no longer part of the EU, the GDPR has been incorporated into UK law.

There are six underlying “Principles” governing the processing of personal data and you must comply with each of these:

  1. Lawfulness, fairness and transparency – you need a legal basis for processing an individual’s data (e.g. consent or a contractual obligation) and you need to explain, in plain language, how you will use the data. 
  2. Purpose limitation - you can only collect and process personal data for "specified, explicit and legitimate" purposes. 
  3. Data minimisation - you can only collect data which is "relevant" and is "limited to what is necessary".
  4. Accuracy - all data held by you should be accurate and up-to-date.
  5. Storage limitation - you should not retain personal data for longer than is necessary to fulfil the purposes for which the data was collected.  
  6. Integrity and confidentiality - your business must have appropriate data security measures in place.

One of the main rights, which the Data Protection Act gives to individuals, is access to their personal information. An individual can send you a request requiring you to tell them about the personal information you hold about them, and to provide them with a copy of that information. In most cases you must respond to a request within one month of receiving it.

All public and private organisations are legally obliged to protect any personal information they hold, and most businesses require to register with the Information Commissioner’s Office (ICO). The cost is typically £40 or £60 per annum. 

More detailed information on how data protection law applies to relocation businesses is contained in The ARP Guide to Legal Compliance, which is available free to ARP members.

For further information click here