The Data Protection Act 1998 replaced the DPA 1984 and is enforced by the Information Commissioner, whose office website is at www.ico.gov.uk

Othona is a Data Controller under the DPA but falls clearly into the exempt category for non-profit making organisations. This means the Community does not need to 'notify' the DPA or pay any fee provided all it does is process personal data for:
• staff administration
• advertising, marketing and public relations
• accounts and record keeping
• 'and certain processing operations'

However, the DPA states that anyone who processes personal information must make sure that personal information is:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with your rights
7. Secure
8. Not transferred to other countries without adequate protection.

All data controllers are under a duty to provide their registrable particulars, as described in section 24 of the DPA, within 21 days of receiving a written request from any person. The Community Secretary holds a copy of section 24 and would, if required, provide the particulars within the stated time.

Statement approved by the trustees, following advice from Robbie Spence, on 23 June 2008