Look under the carpet of any successful organisation and you are likely to find a comprehensive suite of policies. These typically provide high-level statements of commitment by an organisation on how it achieves certain outcomes, as well as strategies for dealing with standalone operational issues. This approach extends to the use of data protection policies. Yet why should organisations adopt data protection policies and what are the benefits these policies provide? What do we mean by a data protection policy? It is worth considering what we mean when we talk about a data protection policy. Policies can take many different forms. They may be public facing statements of a company\’s commitment and approach to the collection and use of customer personal data or an internal policy directed at telling employees how personal data collected about them will be handled. Policies are also used to foster certain behaviours, limit negative actions or drive forward particular good practices so that employees, for example, can do their jobs with knowledge and confidence. бA policy can, therefore, be a guide to action with detailed information on the steps to achieve the objective of the policy being delivered by separate procedures. There are a number of reasons why we need data protection policies, with legal requirements being foremost. Data protection laws in the EU place legal responsibility upon the shoulders of the data controller who determines how and why personal data of individuals is processed. Central to these obligations are eight data protection principles, comprising enforceable standards over the way personal data is collected, managed and used. The principles do not, however, provide a template for compliance. They typically use non-specific terms to describe processing such as БadequateБ, БrelevantБ БfairБ and БappropriateБ and for this reason, compliance by the controller is down to interpretation – applying the principles to specific circumstances. Although there is no explicit statement in the law that policies must be used, there is an implicit presumption that policies are needed to deliver compliance by helping an organisation and its employees to understand the nuances, consider the data and apply the law appropriately.
In reality damage to brand and reputation can be more dangerous for an organisation than any risk of action or a fine by the IC. That said, it is not just about the law or avoiding bad press. There are also positive and practical commercial benefits from using data protection policies. These include enabling uniformity and consistency in decision making, helping to build a culture of awareness and responsibility, making personal data management and infrastructure more resilient; and, through greater transparency, instilling trust and confidence in individuals when they are deciding whether to share their data. If you have any questions on this article or would like to propose a subject to be addressed by the Global Data Hub please.
Any information that your business stores digitally needs to be properly protected. From financial information and payment details to contact information for your staff, data usage in the UK is protected by law. We explain why data protection is not just a legal necessity, but crucial to protecting and maintaining your business. Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or data collection, needs to be protected. This is to prevent that data being misused by third parties for fraud, such as phishing scams, and identity theft. Common data that your business might store, include: This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public. Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles. The Data Protection Act contains a set of principles that organisations, government and businesses have to adhere to in order to keep someone s data accurate, safe, secure and lawful. This comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV. The principles set out in The Data Protection Act help businesses ensure the details of their staff, clients and customers are properly protected.
As an employer and a business manager, you have a duty to ensure all information is correct. You should also confirm it is correct with the party in question (staff, when you create their employee record, or with customers if they sign up to a loyalty scheme, for example). Following proper data protection procedures is also crucial to help prevent cybercrimes by ensuring details, specifically banking, addresses and contact information are protected to prevent fraud. For instance, your clients or customers bank accounts being hacked into. A breach in your data protection can be costly. And affected customers and staff, in some cases as shown in our blog, can pursue compensation against your business. You can also leave yourself open to punishments for failing to comply with data protection. The Data Protection Act is a key law within the UK. Failure to comply can have serious consequences. Violating data protection law can see you and your business prosecuted, resulting in harsh punishments. These can include fines of anything up to 500,000 or action being taken that could result in a prison sentence. Ensuring you adhere to data protection policies is crucial as the effects of non-compliance can be devastating for you and your business. How can FSB help? Data protection is a key legal matter that can be difficult to navigate. FSB members can benefit from a legal protection scheme that provides access to a number of services, including: Legal costs insurance, covering a range of areas, including Data Protection Prosecution Online Legal Information Hub, providing a comprehensive range of support materials To find out more about data protection or the other areas where our legal protection scheme can benefit your business, get in touch with a member of our team or visit our page.