Data protection guidelines published to help small firms comply

The Information Commissioner’s Office has this week published a guide to data protection for small businesses, with a checklist...

The Information Commissioner’s Office has this week published a guide to data protection for small businesses, with a checklist of legal requirements, in a bid to make compliance easier and to warn companies of a scam involving bogus government agencies.

The guide, Getting it Right, aims to give businesses a jargon-free explanation of what they need to know to comply with the Data Protection Act (DPA).

It also warns companies to beware of bogus data protection "agencies" run by fraudsters who demand high fees to register companies under the DPA. The ICO said letters from agencies charging more than £35 for notification are likely to be a scam.

The DPA requires all businesses to follow eight principles, including making sure staff and customer records are stored securely, used for the right reasons and are always accurate and are kept up to date. Businesses that process personal information also have to "notify" - or register - with the ICO.

But the bogus agencies scam has thrown the notification process into confusion. The ICO was unable to give figures for the number of businesses that had sent in notifications because many had sent theirs to fraudsters. Some of the bogus agencies had forwarded forms to the ICO, while others had not, a spokesperson said.

Assistant information commissioner Jonathan Bamford, said, "It is good business practice to comply with data protection. No business wants to keep files that are inaccurate or out of date.

"Small businesses can have a lot of legislation to comply with and we are trying to cut out the jargon. Our simple guide has been designed to help businesses understand and easily follow data protection rules."

Getting it Right is available by calling 0870 600 8100.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT legislation and regulation



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...