Data Protection made easy!

  • by
Blog post on data protection made easy

If you are thinking of setting up a business, then one of the very first things you will need to think about, possibly before you have even started selling your services or products, is Data Protection.

What is data protection?

Data protection is about protecting people’s information that you have collected from them and ensuring that it is only used for the right purposes. People need to be able to trust you if they are giving you their information.

Why do I need to worry about it?

  • because there are laws governing the privacy of data, and you may be fined if you don’t comply
  • because if people aren’t happy with how you are using their information, then you run the risk of damaging your reputation which will ultimately have an additional cost to your business. We’ve all read about data breaches in the news and the bad publicity this has brought to companies.

What does the law say and how does it apply to my business?

The Information Commissioners Office (ICO) regulates data protection in the UK. Their website www.ico.org.uk clearly states that the law applies to any “processing of personal data”, and will “catch most businesses and organisations, whatever their size.”

They recognise that every business or organisation is different and there is no “one-size fits all” solution. It’s therefore similar to Health and Safety, where the onus is on you, as a business owner, to think about and justify how and why you use data.

What is personal data?

Personal data means information about a particular living individual. This could therefore be anyone you come across in your day to day business life, whether a client, employee, partner, business contact or member of the public.

Data may be a name or a number, or it could include things such as an IP address or a cookie. The general rule of thumb is that if it is possible to identify an individual directly from the information you are processing, then that information may be personal data.

It doesn’t need to be ‘private’ information, so even if the information is public knowledge or is about someone’s professional life, then it can be personal data.

So even if you only collect someone’s name and email address, then this is almost certainly personal data.

What is processing?

The law applies to the “processing of personal data that is:
 wholly or partly by automated means; or
 the processing other than by automated means of personal data which forms part of, or is intended to form part of, a filing system.”

Basically, this means that almost anything you do with the data counts as processing, whether you are collecting it, recording it, storing it, using it, analysing it and even deleting it!

And this is regardless of whether it is written down, typed into a spreadsheet or database, or captured for example by a mailing system for you to use for marketing.

What other rules may apply to me?

  • There are also special categories of personal data which are considered to be more sensitive and have tighter restrictions over them. For example – people’s religious views. A great example of this is a caterer who has to deal with dietary requirements and would therefore be able to deduce someone’s religious beliefs from that data.

  • Information about companies is not personal data. However, information about individuals acting as sole traders, employees, partners and company directors where they can be identified as individuals may be classed as personal data. So someone’s email address, even if it is a company email address, will most probably be personal data.

What should I do next?

Our advice is always to go to the root of the information, and in our opinion the ICO’s website has a great pool of advice, guidance and tools designed for small business owners.

We would recommend their quiz for small businesses, which will tell you how compliant you are, and give you pointers for actions you might need to take.

And if you need to pay, this only takes a few minutes too and for many small businesses costs just £40. Not very much at all for your peace of mind. The link for registering to pay the fee can be found here.

We talk in more detail over in our Facebook community about all of these topics so you can be better informed and make the right decisions when setting up in business.

If you’re not already part of our community, it’s entirely free and can be found here:

https://www.facebook.com/groups/thestressfreebusinesshub

Blog featured image Stressfree Business Hub the launch of our Facebook group

Liz & Doug are a husband and wife team who have been running successful micro businesses for 25 years. With backgrounds as a “big 4” chartered accountant and as consultants, both have worked for large companies with clients worldwide. They believe that with the right know-how and support, starting a business can be made easy (or certainly easier!)

The contents of this blog are for general information purposes only and are correct to the best of our knowledge at the time of going to press. You may wish to seek professional advice in relation to specific circumstances.

Leave a Reply

Your email address will not be published. Required fields are marked *