The Information Commissioner’s Office (ICO) has launched a self-assessment tool to help small and medium-sized enterprises (SMEs) assess their compliance with the Data Protection Act and the key obligations for processing their customers’ or clients’ personal information.
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept for longer than is necessary
- processed in line with your rights
- not transferred to other countries without adequate protection
The tool has separate checklists for Data protection assurance, Records Management, Information Security, Data sharing & subject access and Direct marketing. While you complete it, there are links to relevant guidance and further information. At the end, it generates a rating based on the responses that have been given.
Why should SMEs use it? Information Commissioner Christopher Graham said: “Good data protection practice makes business sense. It can lead to better, more efficient customer service and help to protect and enhance your reputation. It could also help you avoid a fine from the ICO.”