All data or information that relates to an identifiable individual that your business stores or handles needs to be properly protected. From financial information and payment details to contact information for your staff, personal data usage in the UK is protected by law.
We explain why data protection is not just a legal necessity, but crucial to protecting and maintaining your business.
What data needs to be protected?
Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or data collection, need to be protected. This is to prevent that data from being misused by third parties for fraud, such as phishing scams and identity theft.
Common data that your business might store includes:
- Telephone numbers
- Bank and credit card details
- Health information
This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public.
Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles.
Does your business or organisation receive personal data from the EU/EEA?
You may receive a personal data transfer from an EEA partner. If so, there are steps you need to take now to comply with new data security rules.
The Data Protection Act contains a set of principles that organisations, government and businesses have to adhere to in order to keep someone’s data accurate, safe, secure and lawful.
These principles ensure data is:
- Only used in specifically stated ways
- Not stored for longer than necessary
- Used only in relevant ways
- Kept safe and secure
- Used only within the confines of the law
- Not transferred out of the European Economic Area
- Stored following people’s data protection rights
This comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV.
The Children's Code
The Age Appropriate Design Code, or Children’s Code, is a new data protection code of practice introduced on 2 September 2021 for online services likely to be accessed by children, such as apps, online games and social media sites.
It translates the GDPR requirements into design standards for online services to help you understand what is expected of your business. You’ll need to consider things like how much personal data you need, if you should be sharing the data and how it might impact a child’s privacy.
The ICO offers complete guidance and support to help you to achieve compliance.
The principles set out in The Data Protection Act help businesses ensure the details of their staff, clients and customers are properly protected.
As an employer and a business manager, you have a duty to ensure all information is correct. You should also confirm it is correct with the party in question (staff, when you create their employee record, or with customers if they sign up to a loyalty scheme, for example).
Following proper data protection procedures is also crucial to help prevent cybercrime. Ensuring that details, specifically banking, address and contact information, are protected helps prevent fraud, for instance your clients' or customers’ bank accounts being hacked into.
A breach in your data protection can be costly, and affected customers and staff can, in some cases, pursue compensation against your business. You can also leave yourself open to punishments for failing to comply with data protection law.
The Data Protection Act is a key law within the UK. Failure to comply can have serious consequences. Violating data protection law can see you and your business prosecuted, resulting in harsh punishments. These can include fines of anything up to £500,000 or action being taken that could result in a prison sentence.
Ensuring you adhere to data protection policies is crucial as the effects of non-compliance can be devastating for you and your business. You can read more on data protection and find downloadable resources on our #FSBeDataReady campaign hub.
How can FSB help?
Data protection is a key legal matter that can be difficult to navigate. With FSB Legal Protection Scheme, you'll have legal expenses insurance, covering a range of areas, including data protection prosecution, as well as a 24/7 legal helpline and on-demand legal library.