You (and your staff team), all have responsibilities for your data; at rest and during transmission
Every business, organisation and government department in the UK is subject to the Data Protection Act 1998.
There are eight key principles which are shown below and breach of these can lead to large financial penalties (currently up to £500k) as well as the loss of your reputation.
Your data must be:
- Fairly and lawfully processed
- Processed for the specific purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept no longer than necessary
- Processed in accordance with the data subject rights
- Secure (appropriate technical and organisation measure shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data)
- Not transferred to countries which do not provide adequate protection for the data i.e. protection to at least the level required in the EU (EEA).
You, your staff and the law: (Governance):
- Do you have the written company policies to support your business stance on controlling data?
- If you do; are they clear, enforceable and have you trained your staff to understand and comply to them?
- Do they embrace current legislation, does your current ICT setup meet the requirements of the Data Protection Act?
- Do you have the right policies for you and your staff to exploit these technologies in a secure way, that is commensurate with the expectations of the Data Protection Act and other governance such as PCIDSS, PSN and IG Toolkits as well as other international governance standards such as ISO27001?
- You and/or your business needs to develop and deploy clear guidance (policy) for your staff and put in place technical controls with training to support these policies. Furthermore, you may have industry or professional compliance to meet with regard to your data, such as (and for example) PCIDSS, should your business work with credit or debit cards.
We can work with you from existing template policies we already have to help you deploy the technical controls suited for your business quickly and efficiently, this can be based around or enhanced using many things such as Google Apps for Business and our offsite backup systems, as well as robust free to use products