why do we need data protection laws


Look under the carpet of any successful organisation and you are likely to find a comprehensive suite of policies. These typically provide high-level statements of commitment by an organisation on how it achieves certain outcomes, as well as strategies for dealing with standalone operational issues. This approach extends to the use of data protection policies. Yet why should organisations adopt data protection policies and what are the benefits these policies provide? What do we mean by a data protection policy? It is worth considering what we mean when we talk about a data protection policy. Policies can take many different forms. They may be public facing statements of a company\’s commitment and approach to the collection and use of customer personal data or an internal policy directed at telling employees how personal data collected about them will be handled. Policies are also used to foster certain behaviours, limit negative actions or drive forward particular good practices so that employees, for example, can do their jobs with knowledge and confidence. бA policy can, therefore, be a guide to action with detailed information on the steps to achieve the objective of the policy being delivered by separate procedures. There are a number of reasons why we need data protection policies, with legal requirements being foremost. Data protection laws in the EU place legal responsibility upon the shoulders of the data controller who determines how and why personal data of individuals is processed. Central to these obligations are eight data protection principles, comprising enforceable standards over the way personal data is collected, managed and used. The principles do not, however, provide a template for compliance. They typically use non-specific terms to describe processing such as БadequateБ, БrelevantБ БfairБ and БappropriateБ and for this reason, compliance by the controller is down to interpretation – applying the principles to specific circumstances. Although there is no explicit statement in the law that policies must be used, there is an implicit presumption that policies are needed to deliver compliance by helping an organisation and its employees to understand the nuances, consider the data and apply the law appropriately.


If we take, for example, the first of the data protection principles, this requires that personal data is processed БfairlyБ. The UK data protection Act 1998 (DPA) does not comprehensively explain the concept of fairness, it merely explains in the schedule to the DPA that personal data will only be processed fairly if the data controller has ensured, as far as reasonably practicable, that individuals have information communicated to them. A website privacy policy may be one of the ways this is achieved. Another example can be found in the security principle. A core requirement of this principle is that security measures must be \”appropriate\” to prevent data from being accidentally or deliberately compromised. This must include the use of organisational measures, meaning robust policies and procedures that define the security processes of the organisation and clearly delineate the responsibilities for security within the organisation and by any third parties processing personal data on its behalf. The value of policies in underwriting legal compliance can be seen particularly when we look at the UK regulator, the \’Information Commissioner\’s (IC) approach to auditing compliance and enforcing the law. In assessing the level of compliance by an organisation, the IC will typically focus, among other factors, on the role of governance and accountability. The view of the IC on the compliance or otherwise of an organisation and the level of any formal action it takes, will be strongly influenced by the presence or absence of polices. For example, when fining Midlothian council бе140,000 in January 2012, the IC pointed to how the breach could have been avoided if the council had put adequate policies and procedures in place. Legal reasons for using policies are clearly very important but equally important are the practical and commercial risks of not having policies.


In reality damage to brand and reputation can be more dangerous for an organisation than any risk of action or a fine by the IC. That said, it is not just about the law or avoiding bad press. There are also positive and practical commercial benefits from using data protection policies. These include enabling uniformity and consistency in decision making, helping to build a culture of awareness and responsibility, making personal data management and infrastructure more resilient; and, through greater transparency, instilling trust and confidence in individuals when they are deciding whether to share their data. If you have any questions on this article or would like to propose a subject to be addressed by the Global Data Hub please.
Any information that your business stores digitally needs to be properly protected. From financial information and payment details to contact information for your staff, data usage in the UK is protected by law. We explain why data protection is not just a legal necessity, but crucial to protecting and maintaining your business. Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or data collection, needs to be protected. This is to prevent that data being misused by third parties for fraud, such as phishing scams, and identity theft. Common data that your business might store, include: This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public. Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles. The Data Protection Act contains a set of principles that organisations, government and businesses have to adhere to in order to keep someone s data accurate, safe, secure and lawful. This comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV. The principles set out in The Data Protection Act help businesses ensure the details of their staff, clients and customers are properly protected.


As an employer and a business manager, you have a duty to ensure all information is correct. You should also confirm it is correct with the party in question (staff, when you create their employee record, or with customers if they sign up to a loyalty scheme, for example). Following proper data protection procedures is also crucial to help prevent cybercrimes by ensuring details, specifically banking, addresses and contact information are protected to prevent fraud. For instance, your clients or customers bank accounts being hacked into. A breach in your data protection can be costly. And affected customers and staff, in some cases as shown in our blog, can pursue compensation against your business. You can also leave yourself open to punishments for failing to comply with data protection. The Data Protection Act is a key law within the UK. Failure to comply can have serious consequences. Violating data protection law can see you and your business prosecuted, resulting in harsh punishments. These can include fines of anything up to 500,000 or action being taken that could result in a prison sentence. Ensuring you adhere to data protection policies is crucial as the effects of non-compliance can be devastating for you and your business. How can FSB help? Data protection is a key legal matter that can be difficult to navigate. FSB members can benefit from a legal protection scheme that provides access to a number of services, including: Legal costs insurance, covering a range of areas, including Data Protection Prosecution Online Legal Information Hub, providing a comprehensive range of support materials To find out more about data protection or the other areas where our legal protection scheme can benefit your business, get in touch with a member of our team or visit our page.

Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button