New practical guide on data security for small businesses

Under the Data Protection Act (DPA), businesses have a responsibility to protect the personal information that they and their staff collect and use. This includes the requirement to have appropriate security to prevent this data being accidentally or deliberately compromised. Breaches of the DPA can lead to fines of up to £500,000 for businesses, in addition to reputational damage if inadequate security contributes to data loss or theft.

The Information Commissioner’s Office has published a useful practical guide for small businesses on how to keep their IT systems safe and secure. The guide sets out 10 practical steps:

  1. Assess the threats and risks to your business – in order to establish the right level of security for your business you need to review the personal data you hold and assess the risks to that data
  2. Get in line with Cyber Essentials – the Government’s Cyber Essentials Scheme describes the 5 key controls for keeping information secure
  3. Secure your data on the move and in the office – the physical security of IT equipment is important as devices could be stolen or lost
  4. Secure your data in the Cloud – you need to assess the security measures your Cloud provider has in place to ensure they are appropriate
  5. Back up your data – loss of data can disrupt your business but is also a breach of the DPA
  6. Train your staff – employees are the first line of defence against a cyber breach, but accidental disclosure or human error is also one of the main causes of DPA breaches
  7. Keep an eye out for problems
  8. Know what you should be doing – have a well-drafted data protection policy so your staff know their responsibilities
  9. Minimise your data – under the DPA personal data should be accurate, up to date and kept for no longer than necessary
  10. Make sure your IT contractor is doing what they should be – you should ensure that they are treating your data with at least the same level of security as you do.

For help or advice on data protection policies in the workplace please contact Helen Kay on or .

HMK Legal - straightforward affordable employment law advice