Small businesses have a much lower awareness of the principles of the Data Protection Act than larger organisations, according to recent research commissioned by the Information Commissioner’s Office (ICO). And this is costing them time and money according to Jon Stanton, director of local IT specialists PEM IT Services.
94% of SMEs believe that the Act is needed and that compliance makes "good business sense". However, only 22% of small businesses were aware that under the Data Protection Act they were required to keep customer information accurate and up to date.
"Data Protection is not given the respect it deserves" says Jon Stanton from PEM IT Services. "As the research shows we all expect companies to comply, but in reality many organisations fall short. Small businesses in particular tend to suffer because they see it as an administrative overhead rather than an integral part of their day to day working."
The key to success, says Stanton, is some simple business planning. "By making sure you update your information as you receive it and regularly purging redundant information, you can save time and money. Sending marketing information to companies that no longer exist is a classic example of money wasted. Similarly, many companies keep files going back many years. By only keeping what you need, it will be much easier to find things when you need them."
Richard Thomas, Information Commissioner, has also highlighted the fact that they will take a very strong line with companies not protecting their customers data. “The majority of businesses are complying with the Act but my Office will not, and does not, hesitate to take action against the few businesses which are failing to protect their customers’ personal information effectively.”
A couple of simple tips for your organisation:
1. Enable and train your staff. Give them the ability to update records on the system - so that when they learn of changes (such as a new contact or change of address) your systems can be updated straight away.
2. When you create and archive files, give them a scheduled deletion date. That way you get into the habit of destroying old files unless they are really needed.
3. In an increasingly digital world the public is becoming ever more aware of the risks associated with giving their information to businesses. People have a right to know what information you hold about them, and if they request a copy of this information you are generally obliged to provide it to them. If you hold personal information, make sure your staff are aware of the requirements and know what to do if they receive a request.
You can download a free Data Protection checklist for your organisation by going to our downloads page. More information is also available on the Information Commissioner’s web site - www.ico.gov.uk
If you would like help reviewing your systems and procedures, then PEM IT Services offer advice and assistance to clients to ensure they comply with all aspects of Data Protection. Contact Jon Stanton on 01223 728222 for further details.
Date:22 October 2007
|
