The Information Commissioner’s Office, which monitors implementation of data protection regulations, has been clamping down on organisations flouting the rules. Kim Sayer (pictured), associate at Neves Solicitors, looks at the measures companies should have in place to remain off the ICO’s radar.
The Information Commissioner’s Office, the body responsible for monitoring compliance with data protection legislation, has been in the news a lot recently, investigating complaints against businesses and handing out reprimands and hefty fines, including to Hello Fresh, the Central YMCA and marketing firms Outsource Strategies Ltd and Dr Telemarketing.
While the General Data Protection Regulations – GDPR – came into force in 2018, many enterprises ranging from large companies to sole traders or charities have not yet fully implemented all the requirements when holding or using an individual’s personal data.
Every enterprise must have a data protection officer and regularly audit its use and protection of data. When data is passed between organisations, a careful review of the compliance of the party to which you are passing it should be undertaken.
The aim of the new regulations is to give more agency and protection to individuals, and reporting any breaches (or suspected breaches) is easier than ever.
Any person can make a complaint to the ICO, and enforcement is strict. GDPR mandates rigorous standards – going much further than its predecessor the Data Protection Act – with the aim of building the trust of individuals whose data is held and used increasingly in the ever-evolving digital and online business world.
A report against a business may result in investigation and an audit of the data processing systems and protections. This costs a business both time and money and, with all action published on the ICO’s website, could leave your name coming up in quite unfavourable search results.
If you process or hold any personal data as defined by the regulations, you are also obliged to register with the ICO. Failure to do so can result in an automatic penalty of up to £4,000.
In 2024 alone, 11 such fines have been issued where it has come to light that businesses have not properly registered and paid the annual fee, which ranges from £40 for small organisations with a turnover of less than £632,000 to £2,900 for large organisations.
Put practices in place to stay within the rules
Here at Neves, we understand that making sure data is properly collected, used, stored and protected can seem like a constant uphill battle. The evolving world of online business complicates the task further: the ability of clients to opt in or opt out and, where they need to, consent so that a service can be provided, needs to be clear and obvious.
However, good understanding of the principles of data protection and a thorough audit of your practices can avoid your name coming across the ICO’s desk.
As well as advising on the seven principles of protection of personal data and how they apply to you, we have expertise in drafting a whole range of terms and conditions, including privacy and cookie policies, data processing and sharing arrangements.
We can assist your organisation in undertaking an audit of your current practice to ensure compliance and review your terms of business or contracts to ensure that they are fully up to date and interact cohesively with other mandated policies and marketing strategies.
If you use suppliers, consultants or other contractors where personal data is shared, a review of their GDPR policies and processes is also work with which we can assist, since any breach by them could also leave you open to action.
- If you have any concerns about whether you are compliant or think that you could do with a general health check to ensure that you meet the strict requirements of the GDPR and the ICO, contact kim.sayer@nevesllp.co.uk so that we can discuss the best strategy to help you avoid complaints, penalties and fines.