"Any company or organisation that handles or captures customer or employee data must follow the data protection laws or face heavy penalties," emphasises Karen Edwards, Commercial Solicitor. Personal information may be on a server, in a cloud or USB stick and millions of people in the UK will surely have their details registered on-line somewhere. Probably the most publicised breach was TalkTalk in October 2015 when they struggled to confirm how many of its four million customers were affected after their website was hacked. This incident was the second data breach affecting the company in under a year. The Ministry of Justice was fined £180,000 for serious breaches of the Data Protection Act (DPA) in 2015.
Here’s some tips to keep your data safe:
- All businesses processing personal information under the DPA as ‘data controllers’ are required to register with the Information Commissioner’s Office. You may not need to do this if you only process personal information for core business purposes, e.g. staff administration and accounting purposes
- Train and educate staff who handle and store data. Marketing, sales, customer relations and HR departments especially need to know the rules, as well as the IT department
- Under the DPA all businesses are under an obligation to have adequate security measures to protect against security breaches. Cyber-crime is prevalent.
- Sensitive data: information such as an individual’s ethnic origin, religious beliefs, health etc. constitutes ‘sensitive personal data’ under the DPA, and there are more stringent rules around the processing of such data
- If you are selling your business, there are data protection obligations during the due diligence process
Our Commercial Team, based in Christchurch, also cover Bournemouth, Poole and the New Forest. For a free initial chat, please call 01202 499255 and Karen or a member of the team will be happy to discuss any questions that you may have.