Is Your Business Compliant?

Nicole Barrett runs Compliance and Business Support Services and has agreed to write an article to help business owners like us. Having worked in compliance and quality assurance for most of her professional career, it is her role to help businesses with their compliance and regulatory requirements.

It does sound extremely boring to most people, but then again, saving people's livelihood from the big bad Government / Police / HMRC et al. makes me feel like a superhero on most days. Today, let's focus on how to protect yourself and your business from the ICO.

Let's talk Data Protection!

Yes, really! It is big, it's boring, yet it protects you, your business and your customers.

Why should I bother with Data Protection?

Any organisation that keeps records of another person (employee or consumer) must comply with the Data Protection Act. Not doing so can result in:

  • prosecution and severe fines from the ICO against your business and the business owner(s),
  • civil action from staff and customers,
  • destruction of the business' reputation, and
  • bringing your personal respectability into doubt.

No organisation is exempt, as is clearly shown by the prosecution activities invoked by the ICO against a very well-known UK charity in January 2016. The charity did not train their staff, failed vital IT standards and put people like you and me at risk. Scary and shocking, yet it happens at all levels.

Company Data Protection is getting more complicated, so make sure that you know what you should know!

Which bits of the legislation do I need to think about?

Currently you must comply with the Data Protection Act and its 8 principles.

  1. Data must be fairly and lawfully processed
  2. Data must be processed for specific purposes
  3. Data must be adequate, relevant and not excessive
  4. Data must be accurate and kept up to date
  5. Data must not be kept for longer than is necessary
  6. Data must be processed in line with the rights of the individual
  7. Data must be kept secure
  8. Data must not be transferred to countries outside the European Economic Area unless there is adequate protection for the information

What to do?

Assuming you have not done anything yet, make some room in your schedule and focus. Most small businesses won't need to go through this process more than once a year.

  1. Register your organisation with the Information Commissioner's Office (ICO). Then it's an annual renewal.
  2. Design a data protection policy which ensures your compliance with the 8 principles.
  3. Check your IT systems, especially for cyber security, and improve them where needed.
  4. Make sure you keep and use only the data that you are legally permitted to process.
  5. Most importantly: Train your staff!

During your activities treat personal data the same way you would your private bank account containing a million-pound roll-over lottery win. Protect it by a variety of means.

Need help? Do not hesitate to contact one of Nicole's friendly team for a chat or join one of their data protection courses. They are running introductory webinars on matters of data protection this year. These are 30 minutes long, result in an electronic attendance certificate and cost a whopping £9.99 including VAT (well worth it!). There is a 10% discount on these introductory webinars with the discount code TWITTERBH. So contact and make your booking now! info@cbsservices.co.uk

