Wednesday 16 November 2016
What should my business do to protect personal data?
'Personal data' could include information about staff, customers, suppliers and contractors. If your business deals with personal data, you must take appropriate measures to protect that data. The Information Commissioner's Office can fine organisations up to £500,000 for a serious breach of the Data Protection Act.
You should assess what personal data you hold, and the risks if that data was misused, lost or stolen. If the risk of damage or distress would be significant, the measures you take to protect the data should be more robust.
Some measures you might want to consider include staff training, physical security (eg locks, alarms, encryption of portable devices) and computer security (eg protecting data from viruses and hacking, adequate security if staff are working at home).
All too often businesses don't start to think about the measures they can take to ensure personal data is protected until a security breach occurs and they find themselves risking a fine or paying compensation.