Ok, so data protection isn’t the most riveting topic, but there’s no escaping it if you’re in business. Ignorance simply isn’t a form of defence and you need to know your responsibilities and get them right. The consequences aren’t pleasant.
Making mistakes when it comes to data protection can cost – in terms of hefty fines, reputation, and fundamentally, your bottom line. What’s worse is that data protection problems are literally everywhere when it comes to running a business.
Before you think ‘this doesn’t apply to me, I’m not a huge business’, think again. Yes, it’s the big hacks like Yahoo and the NHS that hit our headlines, but just because you’re not big, doesn’t mean you’re not responsible for data protection.
Data and Small Businesses
Almost certainly, the Data Protection Act applies to you. Unless you don’t have an online presence, don’t work with people at all, or just happen to be an exempt non-profit, you need to pay heed to Data Protection. So, yes, that’s pretty much everyone. Big or small.
The good news is that it’s actually not too hard to ensure compliance with the Data Protection Act just by operating best practice. There are, however, a few key things you need to look at.
Do you need to register with the Information Commissioner?
This is the question many small businesses will jump to. What’s great is that the Information Commissioner’s Office (ICO) have a nifty little tool to help you work this out.
This means making sure you have everything sensible from virus protection through to firewalls, password protections and backups. If you store (and likely utilise) information on your computer, you need to make sure Mr Unethical can’t get to it. However, it also means being clear with everyone in your business about how data can be used, and shared.
In addition to cyber security, you may need to ensure you have some old-school locks and bolts security on physical premises. Here you’re looking at lockable filing cabinets through to how you lock the doors at night and having a paper shredder.
Making Data Protection Everyone’s Responsibility
Furthermore, data protection is no one individual’s responsibility. Whilst just one person may have the title of Information Officer along with their other duties, everyone needs to be singing from the same hymn sheet.
The easiest way to ensure this happens is to train your staff in data protection, enabling them to understand your policies, and the reasoning behind them, as well as giving them the skills to identify any potential risks.
What’s good about data protection compliance is that it isn’t actually hard. It’s not about trying to trip businesses up, and the vast majority of it – especially for small businesses – is simply sound common sense and best practice.
It’s worth doing, not only because it will keep you on the right side of data protection law, but it will also ensure you have a fantastic reputation based on integrity.