It’s easy to think that data protection is for big businesses, like banks. Most people wouldn’t think it was OK to pass on someone’s phone number or email address without their permission. However, the ownership and real value of personal data, including your own, may not be something you’ve considered in detail.
All that has changed. If you are anything like me, you are now borderline paranoid, even about signing up for newsletters. I spend a part of every day reading horror stories about data breaches and phishing campaigns. So many of them are so ‘but for the grace of..’ that I rejected genuine emails when I last did the Google phishing quiz – click on the link and test yourself.
Where are we now?
The latest statistics show that far more small businesses have nothing in place for compliance than have something. That’s since May 2018, when GDPR and the latest UK Data Protection Act came into force. The real risk is that the potential fines can easily wipe out a small business. Check out this article about the first UK fine issued by the ICO.
Where’s the value?
A shift in the way we think of our own personal information brings data protection into focus. Consider your personal data as a bag of gold coins. Your full name counts as one, your home address is another, your date of birth another and so on. You will share these bits of data many times during your lifetime. But you will want to control who you share your gold with. Anyone who uses it without your consent has effectively stolen it. Calling personal data gold is a bit melodramatic, but it is a very valuable commodity.
Whose data is it anyway?
The fundamental principle underlying the recent legislation is that personal data belongs to the individual. That’s regardless of who they have chosen to share it with. All of the same rights apply to a business’s clients, customers, suppliers, staff, contractors, etc. It doesn’t matter whether the records are paper-based or digital. For a business holding other people’s personal data, the responsibility for honouring these rights and protecting their data lies with the data controller, i.e. the owner or director(s).
So what’s the good news?
There is a definite upside for businesses in going through the steps of looking at what data is held, and where and how it is processed. It focuses the mind, and spotting existing or potential problems is just part of the process. Putting the various documents, policies and security measures in place to protect other people’s data can give a business the perfect opportunity to streamline, refine and improve its whole operation.
It isn’t necessary for the data controller to be an expert. It’s important to understand that there are steps that must be taken and to be committed to taking them. The business does need that expertise but it can be provided by an external consultant or support service. This option is the most practical for most small and micro-businesses.
The Information Commissioner’s Office (ICO) has a slew of helpful information and interactive quizzes to point you in the right direction to get started.
The investment of time and/or money spent on getting and keeping a business compliant will be worth its weight in gold. It is up to the data controller to decide whose time will be best spent. Contact us for help with your data protection.