The Information Commissioner’s Office (ICO) has launched a self-assessment toolkit to help SMEs assess whether their operations are compliant with the Data Protection Act.
The toolkit takes the form of an online assessment of an SME’s main obligations when processing its customers’ personal information. It covers data protection assurance, records management, information security, data sharing and subject access, and direct marketing, and provides a report that SMEs can use to understand how they can improve their management of data. Recommendations are linked to guidance available on the ICO website.
The ICO guidance is a timely reminder of the need for businesses of all sizes to assess their risk and take actions to minimise data protection breaches. To mark European Data Protection Day on 28th January 2016, the ICO issued a release warning of the risk to reputation of failing to protect data. It included the results of a YouGov poll that showed that nearly 80% of UK consumers would ‘think twice’ about giving their custom to an online company that had made headlines for failing to stop a data security breach. As the report notes, whilst fines of up to £500,000 for breaches of the Data Protection Act are a clear deterrent, the impact of reputational damage caused by security failings may be an even bigger motivation for many companies to ensure the safety of the data that they process.
The toolkit is available at https://ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment-toolkit/.