Do you know about the Information Commissioner’s Office (ICO)? It’s possible that you don’t, but if you run a small company that does business over the Internet, then you really should, because it’s the data privacy watchdog and it can punish your firm if you’re not playing by the rules. It can fine organisations up to £500,000 – so there’s a powerful incentive to find out what it says and does.
Did you know, for example, that if your firm holds and processes certain types of personal data, you might need to register with the Information Commissioner? To find out whether your business must notify the ICO of what data you store and for what purposes you use it, check on its website.
The ICO’s job, in a nutshell, is to safeguard the use of personal data by businesses. It sets standards and establishes best practices for how organisations of all types and sizes use and store our private information. It has already shown its teeth with heavy fines against government departments, NHS trusts and private companies.
The important point to bear in mind is that the ICO can punish you if you haven’t taken the proper steps to protect your client data. It can fine you if you haven’t stored that information securely, not just if a problem occurs and you lose it.
But don’t think that the ICO’s role is just to come down like a ton of bricks on hard-pressed small businesses if they make a mistake. It’s there to help SMEs understand their obligations regarding the data they collect.
The ICO took a very commonsense and pragmatic approach to the introduction of new EU data privacy laws last year. It gave British businesses a year to incorporate new cookie consent features on their websites to comply with the new legislation, and the guidance it issued on that to firms was, in my opinion, really first class.
Data privacy is an issue that smaller firms need to be very aware of, but most are unlikely to have the resources to comb through the relevant legislation and to understand the effects on how they run their business. So it’s well worth adding the ICO website to your “favourites” list, because the information it puts on there for small businesses is easy to understand, it’s relevant and it’s helpful.
There’s a good document on its site, which offers a brief guide to small businesses’ obligations under the Data Protection Act. There’s also a checklist for SMEs to help them comply with the law. Download them and read them both carefully – it could save you a lot of hassle in future.
Your business banker can also provide you with invaluable tips on how to securely store clients’ payment card information.