Never too small to ignore GDPR / DPA

telanova: the outsourced IT team that feels like your own

Providing advice, consultancy, helpdesk, monitoring and maintenance, updates, upgrades, security: all the things your in-house team would do, but better and at a fraction of the cost and hassle.

Never too small to ignore GDPR / DPA

Details
Created: Tuesday, 06 April 2021
Written by Tim Nicholls

GDPR and the Data Protection Act? That’s for the big kids isn’t it? They’re not going to come after my business?

Actually the Information Commissioner's Office does, as a small shop in Aldermaston found out. One day their website got hacked and their customer details were stolen.

The ICO investigated the case and decided that they hadn’t taken sufficient steps to secure their customer’s information and imposed a fine of £60,000, a sum that could be ruinous to many small businesses.

Don’t let that happen to you, being compliant means staying compliant, making sure your security, policies, practices and procedures remain effective. As your business grows or changes you may have to review and change those policies, practices and procedures

  • Have you introduced new software? Where does it store its data? Does it meet the requirement in the DPA to protect against unauthorised or unlawful processing - that new HR package - is access really restricted to members of the HR department?
  • Have you vetted any new supplier's compliance?
  • Check your consent practices and your existing consents. If you decide to use personal data previously collected for a new purpose, you will need to seek permission from the data subjects.
  • Is your Data Retention policy still fit for purpose? - are you now collecting any new types of data that you weren't previously? Are you holding on to data longer than necessary? E.g. Employee insurance information should only be held for 3 years, Payslips for 5 years if you are a sole trader/partner, 6 years for companies
  • New employees - does your onboarding process cover the various different types of data you collect and what you have consent to use it for.
  • E-discovery - how easy is it to find relevant data? Data subjects have the right to request information about them, and have incorrect data amended. How easy is it to find and update information across your systems?
  • Have you set up new devices, laptops and PCs securely? Do those devices have encrypted drives? Have you enabled two-factor authentication on new apps etc?
  • Have you moved your website hosting to a new provider? Does the supplier enforce proper security and protection for your data?
  • If you haven’t already achieved the UK Government’s Cyber Essentials certification, ask us to take you through the process.
If you haven’t updated your policies or enabled data protection features it is better late than never.
Email Facebook Google LinkedIn Twitter

We use cookies to provide you with the best possible experience in your interactions on our website

You agree to our use of cookies on your device by continuing to use our website

I understand