As a business grows, data protection becomes more important – but it is often neglected in favour of other IT activities, such as project work spikes, system upgrades and migrations. It is the responsibility of the company owner AND the IT department to keep in line with data protection laws, whether your customer or employee data is on a server, in a cloud or even on a tiny USB stick.
Failure to do so can be costly in many ways. In 2014, a marketing firm was fined £70,000 by the Information Commissioner’s Office, while the Ministry of Justice was fined £180,000 for serious breaches of the Data Protection Act. But all this could have been avoided with a few simple measures. The Data Protection Act 1998 (DPA) is surprisingly straightforward to understand, considering its subject matter.
And it’s not just the technical team who need to be on top of it. Any department that deals with data, specifically marketing, sales, customer services and HR, has a responsibility to store that information safely. In 2017, additional measures will be brought in, in the form of the European General Data Protection Regulation (GDPR).
The GDPR, replacing the EU Data Protection Act of 1995, brings the risk of bigger fines for breaches of data protection laws that could cost firms up to 5 per cent of global turnover, up to £100,000,000! The use of cloud computing makes this all the more important, and many consumers and customers are understandably nervous about passing on their details for this reason. But if you are not up to date with data, don’t worry, you are not alone. In the public sector, surprisingly few MPs, just three per cent, claim to have a good understanding of the upcoming data protection regulation.