Data Protection and Privacy

While technological developments provide new opportunities for organisations of all sizes, they also bring risks. The protection of personal information is a commitment that all businesses have to make. The integrity of data and information that are owned, collected and used by your company must be a priority and ensuring cybersecurity is crucial. In most cases, compliance with the relevant laws and regulations is enough. However, some situations might require people to apply their own judgement to ensure that they are doing the right thing. 

IBE Guidance

• Your customers and employees entrust you with their personal information. Always consider the impact of your decisions on how to use such data will have on their privacy.
• Ensure that you have put in place adequate procedures to protect your data from internal or external threats and keep information safe, ensuring that all personal data is used and stored appropriately, and your employees are aware of your data protection policy.
• Make sure that all team members avoid discussing personal information with family members or friends. Be careful as sometimes people might disclose sensitive information without realising it. Somebody may hear you or your colleagues discussing business matters in a bar or somebody could see sensitive papers on public transport.

Subject Matter Expert Resources

• The Information Commisioner's Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. They created a SME web hub, where you can find simple tools, tips and practice advice to help small organisations comply with their data protection obligations.