ICO launches new data protection self-assessment tool for SMEs

Date: 2016-01-28

The ICO has today launched a self-assessment tool that will help small and medium sized organisations (SMEs) to assess their compliance with the Data Protection Act. The toolkit provides handy links to relevant guidance and further information, and will generate a rating based on responses.

Information Commissioner Christopher Graham said:

"Good data protection practice makes business sense. It can lead to better, more efficient customer service and help to protect and enhance your reputation. It could also help you avoid a fine from the ICO."

The easy-to-use toolkit may be completed as one comprehensive assessment that embraces the key obligations that SMEs have in relation to processing their customers' or clients' personal information. Alternatively, it can be broken down into separate checklists so users can tailor it to their organisation’s particular needs and risks.

Follow this link to access the ICO self-assessment data protection toolkit

Anyone who processes personal information must comply with eight principles of the Data Protection Act, including ensuring that data is not kept for longer than is necessary, and destroying data in a secure manner. Businesses failing to comply with the Data Protection Act risk action from the ICO who have the power to impose criminal prosecution, non-criminal enforcement and audit. The ICO also has the power to impose a monetary penalty on a data controller of up to £500,000.  

Flexible and secure, shredding services from Russell Richardson ensure compliance when it comes to routinely disposing of personal data that is no longer required. Full paperwork, including certificates of destruction, are provided for your records, audit purposes and peace of mind.