Setting up a new company often means that you will be interacting with data of a personal nature. This can be data on customers, employees or even people passing by your premises.
Companies dealing with information are expected to abide by the 8 data protection principles:
- Processing – Data must be processed fairly and lawfully.
- Relevancy – Data collected must be adequate, relevant and not excessive.
- Purpose – Data must only be used for the purpose for which it was originally collected.
- Accuracy – Data must be accurate and kept up-to-data, with errors being swiftly corrected.
- Retention – Data must not be kept for is longer than necessary
- Use – Data must be used within (and according to) the rights of the individual
- Secure – Date must be kept secure.
- Transfer – Data must not be transmitted outside the EU unless protection is put in place
When you consider that “data” can include everything from CCTV footage, to customers’ bank details to employee records, there are actually quite a few duties laid down on new companies.
Failure to follow these data protection principles and to properly register with the Information Commissioners Office, could result in legal action and a quite hefty fine. There have been many stories in the news of late of corporations and organisations that have failed to meet the principles in one way or other. Research has shown that a fifth of firms have failed to meet the requirements placed on them. Simple things like failing to properly secure data or not shredding customers confidential information when it is being disposed of are the areas companies have most been noted for failing in, but there are other areas too. People are just not aware of the requirements placed on them and are therefore not carrying out sufficient training with their staff.
There have been many accounts lately of confidential information being stored on company laptops which are then “lost” by employees. In some circumstances, the Data Protection breaches have been much worse. In the last months of 2009, T Mobile admitted that they had failed to stop information being stolen and sold to rival firms by a member of their own staff.
Be sure to take advantage of our registration service to get your company properly registered with the Information Commissioners Office and benefit from initial guidance from our legal team.
Carphone Warehouse in data protection breach
SMEs routinely breach the Data Protection Act