 |
|
|
Comprehensive Online Business Insurance - Tailored PI, Office, Public and Employers' Liability Insurance. - Are you covered? Read our Essential PI Guide. - Get a Quote and buy online in minutes. |
Top 10 data protection pitfalls for SMEs – and how to avoid them |   |
All businesses handle information about people – staff, customers, suppliers. Data protection is all about taking care of this information and it’s not difficult. But it’s also very easy to get it wrong – and the results can range from bad publicity to legal action and fines.
Here are the top 10 blunders and how to avoid them:
Blunder 1: Totally ignoring the issue.
This can lead to any of the scenarios below – plus additional costs in putting things right.
Blunder 2: Not checking if you need a data protection notification.
This outlines the personal information being used by your business (including sole traders) or organisation for different purposes e.g. staff records, accounts, marketing. It only costs £35 per year and you can fill in the form on the Information Commissioner’s website (at www.ico.gov.uk follow the link 'For organisations'), print and post it off. Some businesses don’t need to notify (but they still have to comply with other data protection requirements) – use the checklist online to find out. If you don’t notify when you should, you can be fined. But beware of bogus agencies that send you threatening letters and charge a lot more than £35 to do your notification.
Blunder 3: Not training your staff.
It’s everyone’s responsibility to look after information – and your staff can alert you to accidents waiting to happen. Think of all those high street banks putting out customer details in bin bags – didn’t anyone notice and think it was a bad idea? Do it the right way and everyone will have valuable insights they can use to protect themselves against ID theft and other threats outside work as well as buying in to safeguarding the personal information they handle at work.
Blunder 4: Not explaining to customers how you are going to use their information
This is particularly necessary if it isn’t obvious - such as making credit checks on them or recording their calls. Make sure that it's clear to the customer who you are - so they know who is handling their information when they provide it. Then work out the best way to deliver the information about how you will use the customer's details. But watch out for the next one –
Blunder 5: Having a privacy policy on your website that is five pages long and as clear as mud.
This is a waste of time for everyone. You need to explain about cookies but most of the rest can be said in a few words where people actually fill in their details. They are more likely to read it as well if it's right there on the online form. And that's where marketing options definitely need to be - see below.
Blunder 6: Not being up front about marketing.
There are strict rules about marketing - especially by phone, fax and electronic channels such as email and SMS. You need to explain things clearly so customers understand their choices and will be pleased instead of annoyed to receive your marketing in future. You also need to check permissions very carefully when renting in a marketing list. And when people ask you to remove their details from your marketing database because they don't want any more direct marketing - you need to explain that you must keep some details on a suppression list to make sure you don't market to them again!
Blunder 7: Not having adequate security.
How many times have you read about missing laptops with customer data on them? But also think about security for your website, your premises and PCs and paper records. And don’t forget your staff – they need to know the rules about things like not sharing passwords, checking identities of callers, what information they can give out and when. You also need ways of monitoring to ensure that staff are not misusing information – such as credit card details supplied by customers.
Blunder 8: Not recognising a ‘subject access request’.
A real mouthful but all it means is someone asking for a copy of information you hold about them –this may be for a specific piece of information or everything. No one usually bothers unless they are annoyed with you. This is a chance to turn around a complaint – or get into trouble for ignoring the request. Make sure your staff know how to recognize a request and what to do with it. It needs to be made in writing and you are allowed to charge a £10 fee for processing it (but you may decide just to handle it in the normal course of business). You should also have a way of confirming that the person is who they say they are. Requests can be made for emails, images, recordings as well as information in your databases and some paper files. Check that your systems allow you to pull all this out. And take care not to reveal information about other people - you will usually need their consent first. The Information Commissioner has recently issued an advice note on this topic for SMEs.
Blunder 9: Not including data protection in the contract with a sub-contractor who is handling personal information when they do work for you.
This could be, for example, a fulfilment house. It doesn’t have to be complicated or long – it just needs to ensure that the contractor only uses the information according to your instructions and also has adequate security to prevent data protection breaches. This is not just a paper exercise - you are responsible if anything goes wrong – so make sure they get it right! Go and check and, if necessary, include financial penalties in the contract for lack of care for personal information.
Blunder 10: Thinking it won’t happen to you.
It can and does but now you know what to do to make sure it doesn’t!
- You can also read Bytestart's Overview of Data Protection.
- How to comply with the Data Protection Act.
About the Author
Sue Milnes runs Simply DP, a consultancy providing training and advice to demystify data protection. She has practical experience of applying data protection both in the private and public sectors.
Please note that this information has been thoroughly checked and is correct to the best of our knowledge. However, it should not be used as a substitute for legal advice. The content of this article is of a general nature and no liability is accepted in connection with it or if any reliance is placed on it.
Posted June 12, 2007
|
[April 28, 2008] How a business partner could help your business grow, and how to protect you and your business when entering a business partnership.
[April 4, 2008] Finding the right builder for a big project can be a daunting process. Andrea Ogunkoya offers tips on telling the experts from the cowboys.
[April 1, 2008] We look at the pro's and con's of buying an existing business - there is a trade-off between the benefits of buying a going concern, and the problems you may inherit when doing so.
[March 31, 2008] If you’ve decided to buy an existing business rather than start your own, here are the ten steps you should follow.
[March 17, 2008] Many people rush into their first business and live to regret it down the line. Important decisions made in haste tend to have implications. There are five things you must do before you start your business.
[March 10, 2008] How would you earn money if something happened to you or your business? Here is our guide to getting a simple business continuity plan together for one man bands and micro sized businesses.
[February 25, 2008] The key things to bear in mind before setting up a new business - tips on funding, employing people and the biggest causes of failure for startups.
[February 18, 2008] A business that commits to the personal development of its employees is a powerful one. And the good news is it’s more important to invest time than money.
[February 11, 2008] Whatever type of business you run, or want to start, there are a number of fantastic free online utilities that you can use. Here’s a handy Bytestart guide to the best currently available.
[January 30, 2008] Here are a further 25 excellent bootstrap marketing tips for small businesses - how to publicise your business without a large budget.
| Our Partners |
|
Hiscox Office Insurance Instant Online Quotation Bibby Financial Services Funding your business Cashflow Problems? Try Invoice Financing Save on Car Rental Discounts with Budget Public Liability Insurance Get online cover now 2 Years FREE Banking Alliance & Leicester Company Formation Instant online setup! |
| Key Services |
|
£20 Free Postage & 30 Day No Ties Trial SEO-friendly website for just £200 Virtual Office Service For full details click here. FREE Call Answering Hot Office - More info |
 |
| Further Information |
| Bytestart's Business Start Up Guide |
Small Business Highlights: Business Plans :: Start A Business :: IR35 :: Business News :: eBay Business :: Company Formation :: Budget 2008
Professional Indemnity Insurance :: Business Banking :: Limited Company :: Business Insurance :: IT Contractors :: Tax Rates :: VAT :: Income Shifting
©Bytestart Limited 2005-2008 :: All Rights Reserved :: 'The Small Business & Start-Up Portal' :: Terms of Use :: Resources :: Site List
Business Insurance, Business Banking, Public Liability Insurance, Professional Indemnity, Startups, Limited Company, Sole Trader
