Do you collect customer or client data? Are you compliant?
The Information Commissioner’s Office (ICO) has just launched a new Data Protection Self Assessment Toolkit to help businesses assess their compliance with the Data Protection Act 1998. The free Toolkit, available on the ICO website, aims to help SMEs evaluate their current levels of compliance and “provides handy links to relevant guidance and further information”.
How does the Toolkit work?
The easy-to-use online Toolkit can be completed as a single overall assessment covering the key obligations that SMEs have in relation to processing customers’ or clients’ personal information. Alternatively, it can be broken down into separate categories, allowing an organisation to tailor it to its specific needs. Upon completion, a compliance rating is provided, alongside links to further ICO guidance for areas where compliance can be improved.
Which assessment should I take?
Businesses that are new to data protection, or that may be unfamiliar with their data protection obligations, should choose ‘route A’ – the single overall assessment. This will provide a high-level assessment of the main data protection considerations. Businesses that wish to tailor the self-assessment to their organisation’s particular needs and risks should choose ‘route B’. This will evaluate compliance in the following areas:
• Data Protection Assurance;
• Records Management;
• Information Security;
• Data Sharing and Subject Access; and
• Direct Marketing.
Aware of your obligations?
Under the Data Protection Act 1998 there are 8 key principles. Personal information must:
• be fairly and lawfully processed;
• be processed for limited purposes;
• be adequate, relevant and not excessive;
• be accurate and up to date;
• not be kept for longer than necessary;
• be processed in line with the data subjects’ rights;
• be secure; and
• not be transferred to other countries without adequate permission.
Businesses are encouraged to use the Toolkit as a starting point to assess compliance. It's important to remember that every organisation’s requirements will be different. Should you require any help in understanding your obligations and ensuring compliance following completion of the assessment, our highly experienced team is on hand to help. To start a conversation on how we can help, please contact Debbie Venn, Partner and Head of Technology, Media and Telecommunications.
Published: 17 Feb 2016