Virtually everyone is a “data controller” these days in the eyes of the law. You will be gathering personal details via your websites on your contact or newsletter sign-up forms. You will be saving customer details on your PCs and other devices, and are therefore highly likely to be subject to the Data Protection Act requirements. This sets out 7 key principles that you must comply with. One of those states the following:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”
Do you know what that actually entails? Does it mean just having a password on your device or installing a firewall? Do you need to encrypt all data, or stop staff from using their own devices...?
Only recently, a staff member used a memory stick in the office and then forgot to take it with them when they left for home. The memory stick vanished, and it contained a large amount of sensitive data on children with special needs. The business was fined £80,000 even though, as far as anyone was aware, the memory stick was never found and the information was never actually used.
We can provide you with the basic tools to tell you what the key legal requirements are, and what practical steps you can take from an IT point of view, in our forthcoming webinar on 2nd July at 10 am. Do not wait until it is too late.