Why Data Protection Policies Are Important


As a small company, setting up a dedicated data protection policy can be a bit of a hassle. It usually results in the delegation of tasks and the managing director’s worst nightmare – investment (gasp!). But while the process of data governance is something many businesses would rather do without, it is slowly gathering more attention from audit authorities like the FSA.

The reason why your firm should set up a data protection policy lies in three key areas.

  • Ensuring your ongoing productivity

Having a company-wide understanding of the importance of data protection means that your workforce will be more aware of the risks of data loss. Without the regular backup of company data it won’t be long until a key set of files is lost, productivity has to stop and an embarrassed phone call to customers follows. A data protection policy is as much about being able to recover important customer-related data as it is about stopping data from being exposed.

  • Protecting the goodwill of customers

After a series of data exposure cases in the media, the FSA and ICO have both stressed the importance of implementing encryption technologies on removable media devices. The accidental loss of a USB stick with sensitive data contained on it has become the most common company blunder of recent times. By introducing data encryption and control mechanisms on devices used outside office walls you will go some way to ensuring your company doesn’t hit the headlines and your reputation goes undamaged.

  • Avoiding data protection related fines

If the first two reasons don’t provide you with good enough reason for implementing a data protection policy, then the third one surely will. Any company that loses or potentially exposes certain sensitive customer data must report the incident to the Information Commissioner. This is so the ICO can go about contacting those who may have been affected.

As of April 6th 2010 the ICO can feasibly charge firms responsible for third-party related data loss or exposure a maximum of £500,000. While the exact penalty is decided on circumstance, i.e. the level of data loss and existing prevention measures in place, a substantial fine is often enough to seriously hurt a company’s future intentions.

In the coming weeks we will provide more information on how you can start writing up a data protection policy. In the meantime, if you would like more information on the components of the Data Protection Act 1998 – the main piece of legislation regarding data protection – you can find it in an earlier blog of mine, Components of the Data Protection Act.
