Joanne Gallagher, Partner and head of our Corporate and Commercial team, speaks to Thinking Business about "data selfies" and how businesses can assess their compliance with the Data Protection Act of 1998.
Most businesses are aware of their obligations under the Data Protection Act of 1998 (the Act). However, it is a good idea to take regular “data selfies” to make sure your practices are up-to-date.
To assist businesses with assessing their compliance with the Act, the Information Commissioner’s Office (ICO) offers an online self-assessment toolkit. You can tailor your self-assessment by choosing questions from the following areas: data protection assurance, records management, information security, data sharing and subject access, and direct marketing.
If you were to take a data selfie now, how would you answer these questions?
- Have you registered with the ICO, and is the registration current?
- Do you have data protection and information security policies?
- Who heads up data protection in your business?
- Do you provide staff training on data protection?
- Do you have privacy notices, and do you have a process to respond to individuals’ requests for information?
- If you outsource overseas, do you know how the vendor protects your data?
Joanne says, "Taking a data selfie now will help you to prepare for the General Data Protection Regulation (GDPR), which comes into force across the EU in May 2018. The GDPR will have stricter requirements for data protection, and heavier fines for non-compliance. Regardless of Brexit, the UK will need to comply with the GDPR while it is still in the EU."
The full article is available online via digital magazine, first published by Thinking Business on 6 October 2016: Ask the expert