 |
|
|
Comprehensive Online Business Insurance - Tailored PI, Office, Public and Employers' Liability Insurance. - Are you covered? Read our Essential PI Guide. - Get a Quote and buy online in minutes. |
Top 10 data protection pitfalls for SMEs – and how to avoid them |   |
All businesses handle information about people – staff, customers, suppliers. Data protection is all about taking care of this information and it’s not difficult. But it’s also very easy to get it wrong – and the results can range from bad publicity to legal action and fines.
Here are the top 10 blunders and how to avoid them:
Blunder 1: Totally ignoring the issue.
This can lead to any of the scenarios below – plus additional costs in putting things right.
Blunder 2: Not checking if you need a data protection notification.
This outlines the personal information being used by your business (including sole traders) or organisation for different purposes e.g. staff records, accounts, marketing. It only costs £35 per year and you can fill in the form on the Information Commissioner’s website (at www.ico.gov.uk follow the link 'For organisations'), print and post it off. Some businesses don’t need to notify (but they still have to comply with other data protection requirements) – use the checklist online to find out. If you don’t notify when you should, you can be fined. But beware of bogus agencies that send you threatening letters and charge a lot more than £35 to do your notification.
Blunder 3: Not training your staff.
It’s everyone’s responsibility to look after information – and your staff can alert you to accidents waiting to happen. Think of all those high street banks putting out customer details in bin bags – didn’t anyone notice and think it was a bad idea? Do it the right way and everyone will have valuable insights they can use to protect themselves against ID theft and other threats outside work as well as buying in to safeguarding the personal information they handle at work.
Blunder 4: Not explaining to customers how you are going to use their information
This is particularly necessary if it isn’t obvious - such as making credit checks on them or recording their calls. Make sure that it's clear to the customer who you are - so they know who is handling their information when they provide it. Then work out the best way to deliver the information about how you will use the customer's details. But watch out for the next one –
Blunder 5: Having a privacy policy on your website that is five pages long and as clear as mud.
This is a waste of time for everyone. You need to explain about cookies but most of the rest can be said in a few words where people actually fill in their details. They are more likely to read it as well if it's right there on the online form. And that's where marketing options definitely need to be - see below.
Blunder 6: Not being up front about marketing.
There are strict rules about marketing - especially by phone, fax and electronic channels such as email and SMS. You need to explain things clearly so customers understand their choices and will be pleased instead of annoyed to receive your marketing in future. You also need to check permissions very carefully when renting in a marketing list. And when people ask you to remove their details from your marketing database because they don't want any more direct marketing - you need to explain that you must keep some details on a suppression list to make sure you don't market to them again!
Blunder 7: Not having adequate security.
How many times have you read about missing laptops with customer data on them? But also think about security for your website, your premises and PCs and paper records. And don’t forget your staff – they need to know the rules about things like not sharing passwords, checking identities of callers, what information they can give out and when. You also need ways of monitoring to ensure that staff are not misusing information – such as credit card details supplied by customers.
Blunder 8: Not recognising a ‘subject access request’.
A real mouthful but all it means is someone asking for a copy of information you hold about them –this may be for a specific piece of information or everything. No one usually bothers unless they are annoyed with you. This is a chance to turn around a complaint – or get into trouble for ignoring the request. Make sure your staff know how to recognize a request and what to do with it. It needs to be made in writing and you are allowed to charge a £10 fee for processing it (but you may decide just to handle it in the normal course of business). You should also have a way of confirming that the person is who they say they are. Requests can be made for emails, images, recordings as well as information in your databases and some paper files. Check that your systems allow you to pull all this out. And take care not to reveal information about other people - you will usually need their consent first. The Information Commissioner has recently issued an advice note on this topic for SMEs.
Blunder 9: Not including data protection in the contract with a sub-contractor who is handling personal information when they do work for you.
This could be, for example, a fulfilment house. It doesn’t have to be complicated or long – it just needs to ensure that the contractor only uses the information according to your instructions and also has adequate security to prevent data protection breaches. This is not just a paper exercise - you are responsible if anything goes wrong – so make sure they get it right! Go and check and, if necessary, include financial penalties in the contract for lack of care for personal information.
Blunder 10: Thinking it won’t happen to you.
It can and does but now you know what to do to make sure it doesn’t!
- You can also read Bytestart's Overview of Data Protection.
- How to comply with the Data Protection Act.
About the Author
Sue Milnes runs Simply DP, a consultancy providing training and advice to demystify data protection. She has practical experience of applying data protection both in the private and public sectors.
Please note that this information has been thoroughly checked and is correct to the best of our knowledge. However, it should not be used as a substitute for legal advice. The content of this article is of a general nature and no liability is accepted in connection with it or if any reliance is placed on it.
Posted June 12, 2007
[February 19, 2008] What the Data Protection Act is and what it means for your business and direct marketing campaigns. If you hold any form of personal or marketing information about customers, prospects or staff – even just their name and address – then you should register.
[December 19, 2007] The final timetable for the implementation of the Companies Act has been announced by the Government.
[November 20, 2007] Stephan Weber of Sykes Anderson LLP discusses the new statutory provisions under the Companies Act 2006 in respect of derivative claims by shareholders
[October 25, 2007] A Guide to trade marks. How are trade marks protection, why you should register a trade mark, and how to apply for one.
[October 22, 2007] How to make sure your standard terms and conditions of business are incorporated into the agreement between you and your customers.
[June 27, 2007] A complete guide to protecting your intellectual property - including patents, trademarks, copyright and design issues.
[June 19, 2007] Most businesses will not have considered whether the standard 8% interest rate clause provided is appropriate for their particular circumstances. Most businesses would benefit from a regular review of their standard terms.
[June 14, 2007] The Companies Act 2006 is one of the biggest legal reforms to ever face business. Tim Polding, Head of Commercial Department at Liverpool-based legal firm, Lees Lloyd Whitley, offers an overview below and crucial advice to businesses.
[June 12, 2007] Data protection is all about taking care of this information and it’s not difficult. But it’s also very easy to get it wrong – and the results can range from bad publicity to legal action and fines.
[February 28, 2007] If you do own a home and you are not sure what rights you have as a landlord, here you will find the information that you need in order to make the best decision on what to do if a problem does arise.
| Our Partners |
|
Hiscox Office Insurance Instant Online Quotation Bibby Financial Services Funding your business Cashflow Problems? Try Invoice Financing Save on Car Rental Discounts with Budget Public Liability Insurance Get online cover now Company Information Online credit checking 2 Years FREE Banking Alliance & Leicester Company Formation Instant online setup! |
|
|
| Key Services |
|
£20 Free Postage & 30 Day No Ties Trial SEO-friendly website for just £200 Virtual Office Service For full details click here. FREE Call Answering Hot Office - More info |
|
|
| Companies Act Guides |
Small Business Highlights: Business Plans :: Start A Business :: IR35 :: Business News :: eBay Business :: Company Formation :: Budget 2008
Professional Indemnity Insurance :: Business Banking :: Limited Company :: Business Insurance :: IT Contractors :: Tax Rates :: VAT :: Income Shifting
©Bytestart Limited 2005-2008 :: All Rights Reserved :: 'The Small Business & Start-Up Portal' :: Terms of Use :: Resources :: Site List
Business Insurance, Business Banking, Public Liability Insurance, Professional Indemnity, Startups, Limited Company, Sole Trader
