
Top 10 data protection pitfalls for SMEs – and how to avoid them


All businesses handle information about people – staff, customers, suppliers. Data protection is all about taking care of this information and it’s not difficult. But it’s also very easy to get it wrong – and the results can range from bad publicity to legal action and fines.

Here are the top 10 blunders and how to avoid them:

Blunder 1: Totally ignoring the issue.

This can lead to any of the scenarios below – plus additional costs in putting things right.

Blunder 2: Not checking if you need a data protection notification.

A notification outlines the personal information being used by your business (including sole traders) or organisation for different purposes, e.g. staff records, accounts, marketing. It only costs £35 per year and you can fill in the form on the Information Commissioner’s website (at www.ico.gov.uk follow the link 'For organisations'), then print it and post it off. Some businesses don’t need to notify (but they still have to comply with other data protection requirements) – use the checklist online to find out. If you don’t notify when you should, you can be fined. But beware of bogus agencies that send you threatening letters and charge a lot more than £35 to do your notification.

Blunder 3: Not training your staff.

It’s everyone’s responsibility to look after information – and your staff can alert you to accidents waiting to happen. Think of all those high street banks putting out customer details in bin bags – didn’t anyone notice and think it was a bad idea? Do it the right way and everyone will gain valuable insights they can use to protect themselves against ID theft and other threats outside work, as well as buying in to safeguarding the personal information they handle at work.

Blunder 4: Not explaining to customers how you are going to use their information.

This is particularly necessary if it isn’t obvious - such as making credit checks on them or recording their calls. Make sure that it's clear to the customer who you are - so they know who is handling their information when they provide it. Then work out the best way to deliver the information about how you will use the customer's details. But watch out for the next one –

Blunder 5: Having a privacy policy on your website that is five pages long and as clear as mud.

This is a waste of time for everyone. You need to explain about cookies but most of the rest can be said in a few words where people actually fill in their details. They are more likely to read it as well if it's right there on the online form. And that's where marketing options definitely need to be - see below.

Blunder 6: Not being up front about marketing.

There are strict rules about marketing - especially by phone, fax and electronic channels such as email and SMS. You need to explain things clearly so customers understand their choices and will be pleased instead of annoyed to receive your marketing in future. You also need to check permissions very carefully when renting in a marketing list. And when people ask you to remove their details from your marketing database because they don't want any more direct marketing - you need to explain that you must keep some details on a suppression list to make sure you don't market to them again!

Blunder 7: Not having adequate security.

How many times have you read about missing laptops with customer data on them? But also think about security for your website, your premises and PCs and paper records. And don’t forget your staff – they need to know the rules about things like not sharing passwords, checking identities of callers, what information they can give out and when. You also need ways of monitoring to ensure that staff are not misusing information – such as credit card details supplied by customers.

Blunder 8: Not recognising a ‘subject access request’.

A real mouthful, but all it means is someone asking for a copy of information you hold about them – this may be for a specific piece of information or everything. No one usually bothers unless they are annoyed with you. This is a chance to turn around a complaint – or get into trouble for ignoring the request. Make sure your staff know how to recognise a request and what to do with it. It needs to be made in writing and you are allowed to charge a £10 fee for processing it (but you may decide just to handle it in the normal course of business). You should also have a way of confirming that the person is who they say they are. Requests can be made for emails, images and recordings, as well as information in your databases and some paper files. Check that your systems allow you to pull all this out. And take care not to reveal information about other people - you will usually need their consent first. The Information Commissioner has recently issued an advice note on this topic for SMEs.

Blunder 9: Not including data protection in the contract with a sub-contractor who is handling personal information when they do work for you.

This could be, for example, a fulfilment house. It doesn’t have to be complicated or long – it just needs to ensure that the contractor only uses the information according to your instructions and also has adequate security to prevent data protection breaches. This is not just a paper exercise - you are responsible if anything goes wrong – so make sure they get it right! Go and check and, if necessary, include financial penalties in the contract for lack of care for personal information.

Blunder 10: Thinking it won’t happen to you.

It can and does but now you know what to do to make sure it doesn’t!


About the Author

Sue Milnes runs Simply DP, a consultancy providing training and advice to demystify data protection. She has practical experience of applying data protection both in the private and public sectors.

Please note that this information has been thoroughly checked and is correct to the best of our knowledge. However, it should not be used as a substitute for legal advice. The content of this article is of a general nature and no liability is accepted in connection with it or if any reliance is placed on it.

Posted June 12, 2007
