The UK data protection regulator shares 7 tips for SMBs designed to save you time, money and increase customer trust.
There are over 5.5 million companies in the UK SMB community, representing over 99% of all UK companies. However, many companies do not have the in-house knowledge and resources to remain compliant when it comes to data protection.
The Information Commissioner’s Office (ICO) says 91% of consumers are concerned about their personal information being sold without their consent, and 87% are concerned about businesses losing their personal information. I quoted the data.
ICO COO Paul Arnold said regulators have come to his aid.
“Generally speaking, data protection laws apply to all workplaces, ventures, companies, societies, groups and clubs,” he added. “This includes sole proprietors, self-employed, company owners and directors. It really helps to accommodate the
The ICO urged SMBs to:
- Make a list of all personal information they hold or plan to collect
- Ask why we are getting that information to make sure it is fair and lawful
- Ensure security measures are consistent with the sensitivity of the data collected
- Be transparent with your customers about what you own and why
- Understand subject access requests and how to comply with them
- Have an incident response plan in case your data is compromised
- Check in regularly on the ICO website
For UK organizations focused on more sophisticated data processing, the regulator last week announced a new Tech Horizons Report.
Companies looking at new technologies in the next 2-5 years should ensure they are compliant. The specific technical areas outlined in the report are: The next generation Internet of Things (IoT). Immersive technologies such as augmented reality and virtual reality. and decentralized finance.
ICO warned:
- Some of these technologies do not collect personal information in a transparent manner, especially when information is obtained about third parties other than the intended user.
- The complexity of these data ecosystems makes it difficult for data subjects to understand how their information is collected and how they hold organizations accountable.
- Some technologies collect more information than necessary for their intended purpose
- Some of the information collected is sensitive (biometric/medical, etc.) and may require additional safeguards.
“Importantly, what we have learned through our research is that while the technology and opportunities that organizations are offering are new, the ways in which they can increase public trust are not,” said ICO Technology, said Stephen Almond, Director of Innovation, Enterprise.
“Being transparent about how we use people’s data and giving people control over what data is being used is important, even with today’s new technology.”
