One of the key tools launched in 2016 by the ICO was the self-assessment tool that helps small and medium-sized organisations (SMEs) assess their compliance with the Data Protection Act. The toolkit provides handy links to relevant guidance and further information, and generates a rating based on responses.
Information Commissioner Christopher Graham said:
“Good data protection practice makes business sense. It can lead to better, more efficient customer service and help to protect and enhance your reputation. It could also help you avoid a fine from the ICO.”
The easy-to-use toolkit may be completed as one comprehensive assessment that embraces the key obligations that SMEs have in relation to processing their customers’ or clients’ personal information. Alternatively, it can be broken down into separate checklists so users can tailor it to their organisation’s particular needs and risks.
Follow this link to access the ICO self-assessment data protection toolkit: https://ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment-toolkit/
Anyone who processes personal information must comply with eight principles of the Data Protection Act, including ensuring that data is not kept for longer than is necessary and that data is destroyed in a secure manner. Businesses failing to comply with the Data Protection Act risk action from the ICO, which has the power to pursue criminal prosecution, non-criminal enforcement and audit. The ICO also has the power to impose a monetary penalty on a data controller of up to £500,000.
DiskShred offers secure physical data destruction for all types of media. For advice on data protection and secure data destruction, contact DiskShred.