GDPR (Data Protection)
All businesses must properly handle the personal information given to them by individuals, e.g. their customers and employees. In the UK, the main legislation governing the collection, processing and distribution of personal data is the Data Protection Act 2018 (the DPA), which is enforced by the Information Commissioner’s Office (ICO). The DPA is the legislation that implements the General Data Protection Regulation (the GDPR).
If you handle personal information (and, let’s face it, you are always going to be handling personal information because as a business you have to keep records on your customers), you have a number of legal obligations to protect that information.
Information (data) you hold must be:
- Used fairly, lawfully and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant and limited to only what is necessary
- Accurate and kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security
Ensuring you adhere to data protection policies is crucial, as the effects of non-compliance can be devastating for you and your business.
Protecting consumer information in accordance with the Data Protection Act requires businesses to adhere to specific principles.
Data protection comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV.
Following proper data protection procedures is also crucial to help prevent cyber crimes: ensuring that details, specifically banking, address and contact information, are protected helps to prevent fraud.