The GDPR gives people more control over their personal information and requires organisations to clarify exactly where Personally Identifiable Information (PII) is stored – and how it is used.
Less well-documented than data protection regulations, but no less important, are data retention regulations. To outline what your legal obligations are when it comes to keeping business records, we asked Paul Ravey of Access Records Management to explain.
Despite Brexit, the UK government has confirmed it will abide by the new General Data Protection Regulation (GDPR), which is due to come into effect on 28 May 2018.
The aim of the General Data Protection Regulation is to encourage companies across the European Union to think seriously about data protection. In practice, the new GDPR lays down some fairly stringent legislation, for both large and small businesses, governing the standards by which personal data is collected and stored.
To help UK businesses understand the new laws, and avoid the heavy punishments that failure to abide by them brings, here’s a guide to the GDPR legislation.
In recent years, giant corporations such as eBay, British Airways and LinkedIn have fallen victim to hackers accessing their data. That such huge companies can be on the receiving end of data breaches, despite their astronomical IT budgets, shows that without the right protection, no company is safe.
So, what does this mean for smaller businesses?
Data protection is now a more onerous regime for small businesses, and this will only increase when the EU General Data Protection Regulation is implemented.
The Information Commissioner’s Office (ICO), which regulates the Data Protection Act 1998 (DPA), can impose penalties of up to £500,000. A glance at the ICO website will tell you how seriously they view failures to comply, so it’s crucial that small businesses understand their obligations under the DPA when dealing with any personal data, whether it relates to customers, clients or employees.
But for start-ups and small businesses, who can’t afford the luxury of a dedicated data protection officer, it’s hard to know where to start. We therefore asked Clare Edwards, of Hill Dickinson, to distil some of the complexities of the Data Protection Act, and to offer some practical tips for start-ups and small businesses when dealing with personal data.
Not only is compliance with the DPA a legal requirement, there are good business reasons for doing so – for example, using out-of-date or bad data could result in customer complaints. Also, using bad data costs money and time.
The Data Protection Act (1998) was drafted to ensure the privacy of personal information stored electronically on computers nationwide. The Act aims to “promote high standards in the handling of personal information, and so to protect the individual’s right to privacy”.