What measures have you put in place for staff training in terms of data protection?

13th October 2016
 Employment Law, Employment, Human Resources

As a business grows, data protection becomes more important – but can often be neglected in favour of other IT activities, such as project work spikes, system upgrades and migrations. It is the responsibility of the company owner AND the IT department to keep in line with data protection laws, whether your customer or employee data is on a server, in a cloud or even on a tiny USB stick.

Failure to do so can be costly in many ways. In 2014, a marketing firm was fined £70,000 by the Information Commissioner’s Office, while the Ministry of Justice was fined £180,000 for serious breaches of the Data Protection Act. But all this could have been avoided with a few simple measures. The Data Protection Act 1998 (DPA) is surprisingly straightforward to understand, considering its subject matter.

And it’s not just the technical team who need to be on top of it. Any department that deals with data, specifically marketing, sales, customer services and HR, has a responsibility to store that information safely. In 2017, additional measures will be brought in with the European General Data Protection Regulation (GDPR).

The GDPR, replacing the EU Data Protection Act of 1995, brings the risk of bigger fines for breaches of data protection laws that could cost firms up to 5 per cent of global turnover, up to £100,000,000! The use of cloud computing makes this all the more important, and many consumers and customers are understandably nervous about passing on their details for this reason. But if you are not up to date with data, don’t worry, you are not alone. In the public sector, surprisingly few MPs, just three per cent, claim to have a good understanding of the upcoming data protection regulation.

A poll of 850 senior IT decision makers revealed 50 per cent of the British ITDMs surveyed were “completely unaware” of the impending regulation. Real Business has produced a useful 10-point checklist to help you understand your responsibilities. If measures are not in place to educate staff on this already, act now.

Join our LinkedIn IT group and tell us – what measures have you put in place for staff training in terms of data protection?

