Can you afford NOT to do a compliance check?

Fines totalling nearly £1,000,000 have been issued so far this year to businesses for failing to comply with data protection law. Can you afford not to do a compliance check?

Spring is nearly upon us, so what better time to get your business compliant with data protection law in readiness for the coming year?

Firstly, ask yourself this question, “Does my business hold and process someone’s personal data?” If yes, then ask yourself “Is my business compliant with data protection law?”

Now, I suspect there’s only a small number of businesses who can truthfully say their business is currently fully compliant. I also know, from talking with businesses, that a large proportion of small to medium enterprises (SMEs) are unaware that they do actually process personal data and don’t know if they are therefore compliant with data protection law. This is really a case of what you don’t know, you don’t know, rather than businesses deliberately ignoring their legal obligations under data protection law. Raising awareness of data protection to businesses and charities is another topic in itself and best left for another blog!

So, back to the subject: if you’re an SME and you gather information about your customers, suppliers and employees, you are legally obliged to protect that information in line with the Data Protection Act 1998. But what can you do to check your compliance?

Well, the good news for all SMEs is that the Information Commissioner’s Office has produced a very useful self-assessment toolkit which you can use to see how good, or dare I say it bad, your data protection compliance is. I would strongly recommend all SMEs undertake this self-assessment – https://ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment-toolkit/

All you need to do is complete the self-assessment honestly; otherwise, how do you know where you need to improve? Once completed, a report is produced which gives you an overall assurance rating and, where you have only partially or not yet implemented processes, recommended actions on what you need to do to improve your compliance.

Implementing change and new processes in your business to become legally compliant in a topic that you may have limited knowledge about can be very daunting and difficult to do. However, this need not be the case, as I am here to help. Why don’t you let someone with the expertise, knowledge and skills in data protection take the stress and worry away and help you implement the recommended actions from the self-assessment?

If you’re a larger organisation that requires a more detailed review of your data protection compliance, perhaps a comprehensive audit would be more useful to you, which is also something Dunwell Data Protection can provide.

If you’re in any doubt as to whether you should do a compliance check, perhaps knowing that a breach of data protection law can lead to a fine of up to £500K may just be the incentive you need. With only 3 months of this year gone, the UK regulator has so far issued fines totalling nearly £1,000,000. Can you, therefore, afford not to do a compliance check?

If you would like to have a chat with me about compliance auditing your business, using the ICO’s self-assessment toolkit or implementing recommendations from the completed self-assessment, please do get in touch.