For small businesses and charities, data protection can seem like a logistically impossible task.
It doesn’t need to be.
First, it is worth considering data protection as a fundamental part of a business, not something that needs to be added on at a later date. Getting data protection right also secures our business data, as the systems in place for safeguarding personal information will protect commercial data as well.
What is data protection?
It is what we care about for our own data, or that of our family. It is legislation that protects our individual rights regarding how our identifiable data is used and safeguarded. It also outlines how we can access, challenge, or change its usage.
As a business or organisation, it is our responsibility to comply with this legislation and protect the data of those who use our services, buy our products, or work with us. This includes our employees, colleagues, volunteers, and other individuals we communicate or interact with.

Where to start

In the UK, your place to start is the Information Commissioner’s Office (ICO). For small businesses and charities, head to Advice for small organisations | ICO.
Also at the ICO, check whether you need to pay the registration fee using the Data protection fee self assessment | ICO. Currently, for a small organisation (tier one), it is £52 per year. Not all need to pay (my business didn’t), but if you sell online or have CCTV you will always need to, so go through the assessment. If you don’t need to pay, you must still comply with the legislation.
Next, if you are feeling confident in your steps, you can Create your own privacy notice | ICO, which will help you remain compliant. This is essential on websites but also when you are sending emails; you can link to it in your email privacy note.
Don’t forget you need to ensure that you tell people about the cookies on your site and give them the option to opt out. Head to Cookies and similar technologies | ICO for more information.
Data security
A quick note about data security: I will write more about this in another post, but for now, know that for an organisation or business to comply with data protection, we must ensure that data is held securely. That covers paper files and information, but also cyber security: digital files, emails, documents, mailing lists, those visiting our websites and communicating with us, and our social media platforms. It is a long list. However, let’s start simply:
- Separate personal files from business files and don’t use your personal email address for business use
- Make sure you have digital security for your PC, mobile, server, website and domain (which includes email): antivirus software and a firewall, and make sure you update your devices with the latest security patches
- Ensure you have safe backups and use end-to-end encryption to protect information
- Use strong passwords and ensure you use multi-factor authentication wherever possible
- Only collect and hold the data that you need and only for as long as you need it
A great resource which I have used is Check your email security – NCSC.GOV.UK, where you can check your domain and your email security. The key thing you need is access to your DNS, which is your Domain Name System; this is via your hosting site, domain registrar or perhaps your web admin.

Support
I will write more about data protection and cyber security (essential for securing data) in another post, but if you do want administrative help to get you started, please get in touch. I understand how challenging it can be to operate all aspects of a charity or small business.
