rvlsoft - Fotolia

ICO launches data privacy assessment tool for SMEs

The ICO has launched an online self-assessment tool to help SMEs to comply with data protection laws and improve data handling procedures

The Information Commissioner’s Office (ICO) has launched a UK data privacy law compliance self-assessment tool for small to medium-sized enterprises (SMEs).

The tool provides a rating of compliance with the Data Protection Act based on responses to a questionnaire, and links to relevant guidance and information.

Information commissioner Christopher Graham said good data protection practice makes business sense. “It can lead to better, more efficient customer service and help to protect and enhance your reputation. It could also help you avoid a fine from the ICO.”

The questionnaire may be completed as one comprehensive assessment that embraces the key obligations that SME’s have in relation to processing their customer’s or client’s personal information.

Alternatively, the assessment can be broken down into separate checklists so users can tailor it to their organisation’s particular needs and risks.

Self-assessment helps identify data gaps

According to the ICO, a number of SMEs tested the tool, and feedback was “very positive”.

Andrew Webber, practice manager at Exeter Orthodontic Practice, said the tool was useful to an SME dentistry business which holds and uses sensitive medical data.

“It is imperative that we not only comply with data protection regulations, but also strive to improve our information handling procedures,” he said.

Webber said the tool enabled him to review and identify any data protection gaps and confirm that processes are sound.

“Our core business is providing a service to patients and part of this is safely handling their data. If patients are not confident about our professionalism they will not use our services,’’ he said.

SMEs put revenue at risk

To mark European Data Protection Day, the ICO issued a warning that companies that fail to keep personal data safe risk long-lasting reputational damage.

The information commissioner said that the negative impact created by media coverage of data breaches can have a greater effect than any monetary penalty imposed by the ICO.

Research published by the UK’s Cyber Streetwise campaign in 2015 shows that SMEs are putting one-third of their revenue at risk because they are falling for some common misconceptions about cyber security.

In the results, two-thirds of SMEs did not consider their business to be vulnerable, and just 16% said that improving their cyber security was a top priority for 2015.

More than a quarter of the SMEs polled believe that only companies that take payments online are at risk of cyber crime and 22% believe SMEs are not a target for hackers.

This is despite the fact that SMEs are proving to be a big target because they hold a lot of data useful to cyber criminals, but typically lack the ability to keep that data safe.

Read more about data protection

  • The EU’s data protection rules will impact every entity that holds or uses European personal data both inside and outside of Europe, according to legal experts.
  • Alzheimer’s charity is warned to comply fully with all data protection recommendations in six months or face prosecution.
  • More than two-thirds of global firms expect EU data protection laws to dramatically increase costs of doing business in Europe.

Read more on Privacy and data protection

Data Center
Data Management