It sounds boring, but it isn't too painful, and can safeguard your business
Data protection sounds boring, because it's not a key part of your business. You probably don't lie awake worrying about it. But ignore it and you could end up with a hefty fine, find yourself unable to secure funding or sell your business for its true value. Take the time to understand the basics of data protection legislation for the sake of your business.
Avoid data doom
So what are the real implications to your company?
"Many business owners are not aware of the effect the Data Protection regulations may have on how much they can sell their business for and what they can borrow," says Andrew Woolley of Woolley & Co.
"For e-commerce businesses, and many others too, a key asset is almost bound to be the customer or contacts database (the "data"). A common misconception within the realms of data protection is that all you need to do is register with the DPA and have any old policy on a website.
Further to this, lenders will want to look at the value of your business and what they could get for your it if it had to be sold.
You never know when you might need your data protection policy, as Gill Hunt of Skillfair.co.uk found out.
"What I learned from the experience is there's always someone out there who'll test your procedures - so make sure you have some and know what to do when they ask!"
Registering with the Information Commissioner
You may be exempt from registering with the Information Commissioner's Office if you only process people's personal data for personnel purposes, advertising and PR activities or for accounts and records. However, Andrew Woolley suggests small business owners should assume they need to register: "You soon will if you don't already."
Notification costs �35 and must be renewed annually. And if you are not exempt from notifying the Information Commissioner but fail to do so, you are liable now to pay fines up to �5,000 per offence plus costs. Liability can extend to the company and to individuals, which means if a company commits a criminal offence under the Act, any director or manager can be found guilty too.
Beware the scams: There are several bogus companies who use new company registration data to send you a demand for data protection registration. These are fake and should be ignored. The Information Commissioner is the only body responsible for data protection registration, and keeps a list of known bogus companies.
If you are exempt, you still need to keep data safe and abide by the key rules of data protection. To avoid any problems down the line, here are some key considerations:
As Gill Hunt discovered, you must also provide individuals with a copy of all the information you hold on them if they make a written request for it. You can charge a fee of up to �10 for this. If they ask you to stop using their data for direct marketing purposes, you must do so.
It actually isn't too painful - and much of the regulation amounts to the protection you'd want people to take with your personal details too. By keeping to a few relatively simple rules, you can protect and safeguard not only those whose data you hold, but also your own business's future.