Do you REALLY know where your data is or how safe it is?

News of major data security breaches is a timely reminder to get up to speed on your own data protection arrangements. I have recently discovered that many businesses have a rough idea of data protection and think it just means having a Privacy Policy in place. This usually involves copying and pasting someone else’s terms into their website footer and hey presto, the job is done! Or is it??? Let me flag the dangers and what you should really be doing:

Step 1: make sure you have a Privacy Policy that is truly up-to-date and complete.

The Data Protection Act prescribes what should be in it. This means you are potentially breaking the law if it isn’t complete. 9 out of 10 policies that I see on websites are wrong. Why risk it? We have an up-to-date template that you can buy now.

Step 2: ensure that you and your staff READ and UNDERSTAND the policy.

In a nutshell, the purpose of the Privacy Policy is to tell your customers that you will be looking after their personal details in line with the Data Protection Act. Therefore, it is your responsibility to:

  • Understand the Data Protection Act. The Information Commissioner’s Office has really useful, easy-to-understand guides. Check out their website.
  • Implement protection measures in practice, i.e. look at all of your devices and your IT setup and check how safe they are. What would happen if your office caught fire or you lost your laptop, phone, tablet etc.? Is it all backed up? Is the data encrypted?

Step 3: Check where your data is being stored.

A key requirement of the Data Protection Act is to tell your customers if you are sending the data out of the UK or the EU. You may think that of course you are not doing this. But your customers’ details may actually be stored on your website and many websites are hosted in the US. Or you may use a newsletter software provider such as Constant Contact or Mail Chimp. They too are in the US.

Step 4: Check the Privacy Policy and safety arrangements of your suppliers.

It is no good having the best security system in place, only to outsource work to third parties, e.g. freelancers or marketing agencies, who have no protection in place at all. Ask to see their privacy policies and speak to them (or better still visit them) to see what measures they have put in place.

Be Razor Sharp With Your Customer’s Data