The law says that any business owner or organisation dealing with personal information is responsible for keeping clients’, customers’ or patients’ data safe. It doesn’t matter what the business is or how small it is, information security is your responsibility.
A new free service from the UK’s data protection regulator, the Information Commissioner’s Office (ICO) has been designed to make it easier for small and medium organisations (SMEs) to assess how well they look after personal data.
The ICO has launched an online self-assessment tool that will help SMEs to assess their compliance with the Data Protection Act. The toolkit provides handy links to relevant guidance and further information, and will generate a rating based on responses.
The Information Commissioner, Christopher Graham said:
"Good data protection practice makes business sense. It can lead to better, more efficient customer service and help to protect and enhance your reputation. It could also help you avoid a fine from the ICO."
The easy-to-use toolkit may be completed as one comprehensive assessment that embraces the key obligations that SMEs have in relation to processing their customers’ or clients’ personal information. Alternatively, it can be broken down into separate checklists so users can tailor it to their organisation’s particular needs and risks.
Feedback from trials
A number of SMEs tested the toolkit in September and feedback was very positive.
Andrew Webber from The Orthodontic Practice in Exeter, said: “As an SME dentistry business which holds and uses sensitive medical data, it is imperative that we not only comply with data protection regulations, but also strive to improve our information handling procedures. The toolkit allows us to review and identify any data protection gaps and confirm that the processes we have are sound. Our core business is providing a service to patients and part of this is safely handling their data. If patients are not confident about our professionalism they will not use our services.’’
June Cairns-Smith, from small charity Guild of St. Mary and St. Anne, said: “I think it is an excellent tool. We are currently producing policies and guidance and the toolkit is really useful in assisting us in producing a GAP analysis and subsequent action plan on what needs to be addressed, with hints and tips as to where to go for additional guidance.”
Claire Mallia, business manager at Lincoln Gardens Primary School, said: “The toolkit provides a comprehensive overview of our data protection processes and controls and highlighting areas for development. We always look to the ICO as a valuable source of information and guidance to ensure we take all reasonable steps to fulfil our responsibilities. This will be particularly important when the reforms to data protection laws are implemented.”
Andy Wood, from marketing services provider GI Solutions Group, said: “It was excellent - well thought out and planned. It will help me train other group members who are tasked to help with data protection. I recommend any and all companies to use this tool. It is helpful and invaluable with your training needs.”
