Do you collect personal data? How are you storing your customer or client data? How can you guarantee that it is secure? If you’re thinking about going into business, or you already are, you need to think about data protection.
Why data protection is important
If you’re in the middle of launching a business, data protection might be low down on your list of priorities. However, if you’re storing personal information, then you have to follow the Data Protection Act 2018, and the UK GDPR. These regulations set out your responsibilities as a business owner or organisation in storing and securing data.
This is also really important because of the amount of data that businesses now store online and in the cloud. This data is particularly vulnerable to phishing, hacking and other forms of cyber-attack, 43% of which target small businesses. If these kinds of attacks result in a data breach, this can seriously affect your customers' confidence, your company brand and your reputation.
What data do you hold?
The first thing you need to think about is what sort of personal data you hold, and why you hold it. Employee details, customer details, client information: all of this data needs to exist for a reason. Identifying the kind of data you need, and not collecting the kind of data that you don't need, is an important part of data protection.
Do your customers know how you use their data?
Your clients and customers also need to know that you’re holding their data, and why. A clearly written privacy policy, detailing the data that you collect from customers and the reason that you collect this data is a great way to keep your customers informed. You might also get them to sign a privacy policy so that you have a record of their consent to hold their data.
If a customer or client wants a copy of the data that you hold for them, you must be able to provide them with this. You and your customers also need to know how long you’re keeping that data for.
How to store data securely
Keeping the data in a secure way is one of the most important parts of the Data Protection Act and UK GDPR. There are a few really easy ways you can ensure that you're storing data securely: multi-factor authentication, using UK GDPR and data protection compliant services, and transporting data securely, for example.
If you store data in hard copies only, then you need to think about where that data is stored. Is it accessible to anyone who has access to your office, or your home? In the event of a fire or natural disaster, do you have a backup for this data? What would happen if you lost that data? What would be the impact on your customers, clients and business? If you’re transporting data physically, could someone access it if your hard drive or laptop was stolen?
If you store data in the cloud, then you need to think about how this data is accessed. Multi-factor authentication makes it that little bit harder for a phisher or hacker (or anyone else without authorisation) to access your data. Usually this means requiring more than one factor to sign in: something you know (a password or passphrase), something you have (a mobile phone), and something you are (a fingerprint).
Finally, using a service that is UK GDPR compliant is a must. Microsoft 365 is a great solution, and for UK businesses it also ensures that your data centres are within the UK. This means that you won't need to comply with the data protection laws of other countries as well.
Ensuring you’re compliant with Data Protection
This information is just a starting point to becoming compliant with the Data Protection Act and UK GDPR. There are a number of useful services that you can use to check that you're compliant with the law. The ICO has an easy-to-use assessment tool for small organisations and sole traders. If you're thinking about starting a business, don't forget about data protection - without it, your customers' data and your business are at risk.
Tweet us @TranscenditUK