Is your data protection up to scratch?

The Information Commissioner’s Office (ICO) is urging the North West’s 512,000 SMEs to check they have the right data protection practices in place to help sustain and develop their businesses.

In a statement ahead of the annual Data Protection Day in January, the ICO stressed that good data protection practices “project positively” on a company’s reputation.

A recent survey, commissioned by the ICO, revealed that 91 per cent of people worried about having their personal information sold to other companies without their consent, and 87 per cent worried about a company losing their personal information.

Data protection law sets out what businesses should do to make sure that they are looking after people’s personal information properly and fairly.

The ICO says that in addition to the legal requirement, good data protection makes “economic sense”. It saves business owners time and money and shows customers that their information is being treated correctly.

The organisation has a suite of free resources providing advice and guidance on its dedicated SME hub. Its chief operating officer Paul Arnold said: “As we head into a new year, and a tough year for many small businesses, we want to help business owners work confidently and responsibly with the personal information they hold.

“It can be an incredibly valuable asset when held and processed responsibly and can enable hard-working business owners to develop their business, whilst instilling a real sense of confidence in their customers.

“Generally speaking, data protection law applies to all workplaces, business ventures, enterprises, societies, groups and clubs. That includes sole traders, the self-employed and company owners and directors.

“We live in a data-driven world and if used in the right way, data can really help a business achieve greater success.

“Data protection compliance is not a barrier to business success and the ICO is here to help. For example, we want to empower businesses and organisations to ensure their email marketing databases are working as hard as possible to reach the right customers, lawfully, every time.”

The ICO’s top tips for beginners in business:

1. Make a list – Start off by making a list of what personal information you have or plan to collect. You need to be able to account for all of it.

2. Ask why – There’s a balance to be made between what you want to do with people’s personal information, the benefits that brings to them and any harm that might be caused as a result. If you’re holding or using people’s personal information, it must always be fair as well as lawful.

3. Think security – Check your security measures line up with the sensitivity of the information you hold. Put stronger security measures in place if the data poses a higher risk or is sensitive.

4. Be transparent – It’s essential to explain to people: why you hold information about them; what you’ll do with it; and how long you’ll keep it before safely disposing of it. This should also be recorded in a privacy notice.

5. Know about subject access requests – People have the legal right to know what personal information you hold about them. The ICO has a step-by-step guide on how to deal with a subject access request.

6. Have a data breach action plan in place – If you lose personal information and it is likely to result in a risk to the people affected, you’ll need to report it to the ICO. It has produced a guide on how to respond to a personal information breach and the steps to take in an emergency.

7. Check in with the ICO regularly – The ICO website is updated regularly to help you take simple steps towards improving your data compliance.