Posted by John North, Partner
On 1 September 2016 Withy King LLP merged with Royds LLP. The trading name for the merged firm is Royds Withy King. All content produced prior to this date will remain in the name of the firms pre-merger.
Data Protection Self Assessment Toolkit for SMEs
The new data protection self assessment toolkit launched by the Information Commissioner’s Office (‘ICO’) is designed to help small and medium-sized enterprises (‘SMEs’), which make up 99% of UK businesses, assess and improve their compliance with the Data Protection Act 1998.
The toolkit includes a checklist for different areas of data protection compliance, i.e. data sharing and information security. Guidance is provided to assist with the responses to the checklist and, upon completion of the checklist, a compliance rating is generated with suggestions for how compliance may be improved.
The purpose of this toolkit is to help companies remedy compliance gaps to avoid data protection breaches and subsequent action by the ICO. This may also result in more efficient customer service and the protection of a company’s reputation.
The ICO may take action against individuals and organisations that collect, use and store personal information. Sanctions include non-criminal enforcement, criminal prosecution and audit. The ICO may impose a monetary penalty of up to £500,000 on a data controller.
Organisations or individuals that process personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.