Regardless of the size of your organisation, the Data Protection Act 2018 will have an impact on every business in the Southeast. Every business has personal data on its employees, its clients or its customers. The sensitivity of that data varies from business to business, from e-mail addresses to personal bank details and medical reports, depending on the nature of your business. Under the Data Protection Act 2018, if a data breach were to occur in your organisation, you could face a significant fine and damage to your brand if, for example, your IT system was compromised and the personal data of all your customers came into the hands of a third party.
In addition, you will also need to be very cautious when sending marketing e-shots to individuals. In particular, if the individual has not explicitly opted in to receive such correspondence, you will be in contravention of the Data Protection Act 2018. Even keeping historical, outdated personal data for no good business reason could put you in deep water with the Data Commissioner.
So, what should I do as May is rapidly approaching?
In broad terms, you will need to audit everywhere that personal data is stored (both hard and soft copies), then rank this data in terms of sensitivity. Remember that personal data is anything which can easily identify an individual. What follows is a huge exercise, which involves identifying all the risks of data breach associated with this data. This could be anything from a hacking risk, to a disgruntled employee taking all your client details with them on a USB memory stick, to an unencrypted laptop being left in your local café. The risks are many.
It is your responsibility as a business owner to mitigate these risks and to compile and implement policies and procedures to minimise as many risks to personal data as possible. Please note that the above is just a broad outline of what needs to be done, sooner rather than later. This is a huge task for most companies, but help is at hand from a commercially orientated and data protection savvy solicitor. A solicitor should not only guide you through the process but also help ensure that your policies and processes are legally watertight and comply not only with the Data Protection Act 2018 but also with GDPR (General Data Protection Act 2018), which also comes into effect in May 2018.
For a confidential data protection consultation please contact Nicholas on [email protected] or simply ring 051-874 856