The main issue that any organisation that runs a website needs to consider is whether it is the data controller of that site. This is because data controllers have the responsibility to ensure that any processing of personal data complies with the DPA and will be liable if it does not.

Data controllers of websites that permit people to ‘post’ items on them have an obligation to take ‘reasonable steps’ to check the accuracy of any personal data that is posted on their site by third parties. 

Every organisation operating a website needs to have a privacy statement, (unless the website is only used for publishing information and does not collect any ‘postings’ from users).


This article is intended for informational purposes only and should not be relied upon as legal advice.

PS: While you’re here, why not take out DP Test?

To contact DataHelp email or call 07902 395989