Background image

Data Protection Rules – Small businesses are not immune!


Large or small, it doesn’t matter. If your business deals with personal data of any kind, it must be registered with the Information Commissioner’s Office (ICO)….

A recent case has highlighted that data rules still very much apply regardless of business size. In September 2016, the ICO successfully prosecuted small business Triforce Recruitment Ltd to the tune of £5,000, for failing to register.

Not registering with the ICO is not only a breach of The Data Protection Act 1998, but is also a criminal offence. And if you are a company, sanctions can also be placed on you as a director in addition to the business receiving a hefty fine.

Simple oversight or costly error? The ICO has the power to impose a monetary penalty up to £500,000.

Data protection laws are changing…

The protection of personal data is big news and the enforcement of data protection laws is set to become more stringent as big changes come into force next year.

The Data Protection Act is being replaced by a new law called The General Data Protection Regulation (GDPR) which will apply in the UK from 25 May 2018. This includes strict rules and regulations governing areas including the obtaining and processing of personal data, usage of such data and data security.

What does the GDPR mean for you and your business?

Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate and up to date;
  • not kept for longer than is necessary;
  • processed in line with your rights;
  • secure; and
  • not transferred to other countries without adequate protection.

Complying with data protection laws isn’t simply a legal matter however – in fact, there are many commercial advantages to be had from taking the GDPR seriously.

Businesses who take steps to manage and secure the personal data of their clients, customers and suppliers, can not only differentiate themselves within their market as a brand to be trusted, but can also better exploit their data to commercial advantage.

Reducing the risks associated with a cyber attack is another key benefit, as is the potential to pool customer data to improve internal processes and build meaningful relationships with customers based on structured intelligence.

Take the first step towards compliance – register with the ICO for as little as £35

Information Commissioner Elizabeth Denham has warned “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance”.

So ask yourself, can your business really afford to take the risk?

The first step in getting compliant is to register your business with the ICO – for  most organisations this costs just £35 and can be done in a matter of minutes.

There really are no excuses – to help you out – here’s the link to the ICO’s registration page, all you need is your bank card!