01 Jul

Data Protection and Your Business
Data protection: legal control over access to and use of data stored in computers, as in “data protection legislation”.
Sounds incredibly simple when viewed like this, doesn’t it? The reality, as you are probably well aware, is far from it!
This blog attempts to break down the jargon and give you a brief snapshot of some of the key areas that you cannot ignore when it comes to this difficult subject.
Here at Starfish we have found that there is a lot of talking but not a lot of facts or helpful advice. We hope that this blog will give you a simple snapshot of what data protection is, a brief overview of it and, more importantly, how we can help take the stress out of the process for you, ensuring that your business is compliant and you are not fined.
What is Data Protection?
The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or the government.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- biometrics (where used for identification)
- sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
What is GDPR?
The EU’s General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used.
This new legislation introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.
Which businesses need to be GDPR Compliant?
If your business has employees, customers or clients and you collect or hold data/information on them, you will need to demonstrate GDPR compliance or potentially face fines and penalties.
What are the new rules?
The new rules, which came into effect in May last year, are very complex, but our advice is not to be overwhelmed by them or to see the GDPR as your enemy. If you build the rules into your organisational culture rather than being tyrannised by them, they will help you manage data more effectively, internally and externally.
The rules can be seen as following 6 themes:
- Know what you have, and why you have it
- Manage data in a structured way
- Know who is responsible for it
- Encrypt what you wouldn’t want to be disclosed
- Design a security aware culture
- Be prepared – expect the best but prepare for the worst
How to approach Data Protection and Storage
Storage technologies that can be used to protect data include disk or tape backup, which copies designated information to a disk-based storage array or a tape cartridge device so it can be safely stored.
Mirroring can be used to create an exact replica of a website or files so they’re available from more than one place. Storage snapshots can automatically generate a set of pointers to information stored on tape or disk, enabling faster data recovery, while continuous data protection (CDP) backs up all the data in an enterprise whenever a change is made.
Cloud backup is becoming more prevalent. Organisations frequently move their backup data to public clouds or clouds maintained by backup vendors. These backups can replace on-site disk and tape libraries, or they can serve as additional protected copies of data.
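The post describes storage snapshots as “a set of pointers to information stored on tape or disk” and backups as “additional protected copies of data”. The toy store below, an added example rather than code from the post or from Starfish, models exactly that: every file’s content is kept once under its SHA-256 digest, a snapshot is just a map of path to digest, and a restore first re-hashes every blob the snapshot points at, so a corrupted or missing copy is caught before anyone relies on it. All names, functions and sample files here are constructed for illustration; it uses only the Python standard library and runs offline.

```python
import hashlib


class SnapshotStore:
    """Content-addressed store: blobs keyed by SHA-256, snapshots are pointer maps."""

    def __init__(self):
        self.blobs = {}      # digest (hex) -> file content (bytes)
        self.snapshots = {}  # snapshot name -> {path: digest}

    @staticmethod
    def digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def put_blob(self, data: bytes) -> str:
        """Store content once; identical content across snapshots shares one blob."""
        d = self.digest(data)
        self.blobs.setdefault(d, data)
        return d

    def take_snapshot(self, name: str, files: dict) -> dict:
        """Record a point-in-time view as a set of pointers (path -> digest)."""
        pointers = {path: self.put_blob(content) for path, content in files.items()}
        self.snapshots[name] = dict(pointers)
        return pointers

    def verify_snapshot(self, name: str) -> list:
        """Re-hash every blob a snapshot points at; return a list of problems found."""
        problems = []
        for path, d in self.snapshots[name].items():
            blob = self.blobs.get(d)
            if blob is None:
                problems.append(f"{path}: missing blob {d[:12]}")
            elif self.digest(blob) != d:
                problems.append(f"{path}: corrupted blob {d[:12]}")
        return problems

    def restore(self, name: str) -> dict:
        """Rebuild the files of a snapshot, refusing to hand back a damaged copy."""
        problems = self.verify_snapshot(name)
        if problems:
            raise ValueError(f"snapshot {name!r} failed verification: {problems}")
        return {path: self.blobs[d] for path, d in self.snapshots[name].items()}


def run_demo() -> dict:
    """Two daily snapshots, a clean restore, then simulated corruption of one blob."""
    store = SnapshotStore()
    # Constructed sample data: a small customer list and a retention note.
    day1 = {"customers.csv": b"id,name\n1,Alice\n", "retention.txt": b"keep 6 years\n"}
    day2 = {"customers.csv": b"id,name\n1,Alice\n2,Bob\n", "retention.txt": b"keep 6 years\n"}
    store.take_snapshot("day1", day1)
    store.take_snapshot("day2", day2)

    restored_day1 = store.restore("day1")   # the clean copy comes back intact
    clean = store.verify_snapshot("day2")   # no problems yet

    # Simulate silent corruption (bit rot) of the blob day2's customers.csv points to.
    bad = store.snapshots["day2"]["customers.csv"]
    store.blobs[bad] = store.blobs[bad][:-1] + b"?"
    problems = store.verify_snapshot("day2")

    return {
        "blob_count": len(store.blobs),          # 3: retention.txt is shared by both days
        "restored_day1_ok": restored_day1 == day1,
        "day2_clean_before": clean,
        "day2_problems_after": problems,
        "day1_still_ok": store.verify_snapshot("day1") == [],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point a practitioner should take from this is that a backup copy is only “protected” if you can prove it is still the copy you made: the pointer set is cheap, and the integrity check is what turns it into something you can restore from with confidence.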
What is the ICO’s role?
The Information Commissioner’s Office (ICO) is the supervisory authority for data protection in the UK. They offer advice and guidance, promote good practice, monitor breach reports, conduct audits and advisory visits, consider complaints, monitor compliance and take enforcement action where appropriate.
They also cooperate with data protection authorities in other countries. They are currently a member of the European Data Protection Board (EDPB), which includes representatives from data protection authorities in each EU member state, and they contribute to EDPB guidelines and other joint activities.
For more information about them visit https://ico.org.uk
Our ethos at Starfish is, literally, “Data Protection made simple”, so the process is made as simple as possible for you. We can guide you through the process so that you meet the deadline and reach compliance smoothly. That’s how we ensure your success.
The sooner we can identify any potential issues and deal with them to the satisfaction of the governing body, the better!
We would encourage you to book your FREE 15-minute consultation where we can give you a brief overview of what we can do to make sure your business is compliant.