ICO Offers Data Protection Advice to SMBs
The UK’s data protection regulator has shared seven tips for SMBs, designed to save them time and money and boost customer confidence.
The UK’s SMB community numbers over 5.5 million firms – amounting to over 99% of all businesses in the country. Yet many don’t have the in-house knowledge and resources to ensure they stay compliant when it comes to data protection.
The Information Commissioner’s Office (ICO) cited data revealing that 91% of consumers worry about having their personal information sold without their consent, and 87% are concerned about a company losing their personal information.
The ICO’s COO, Paul Arnold, said the regulator was here to help.
“Generally speaking, data protection law applies to all workplaces, business ventures, enterprises, societies, groups and clubs,” he added. “That includes sole traders, the self-employed and company owners and directors. We live in a data-driven world and if used in the right way, data can really help a business achieve greater success.”
The ICO urged SMBs to:
- Make a list of all the personal information they hold or plan to collect
- Question why they’re obtaining that info, to ensure it’s fair and lawful
- Check to ensure security measures match the sensitivity of the data being collected
- Be transparent with customers about what they’re holding and why
- Understand subject access requests and how to comply with them
- Have an incident response plan in place in case data is breached
- Check in regularly with the ICO website
For UK organizations focused on more advanced data processing, the regulator last week released a new Tech Horizons Report.
It urged those looking at emerging technologies over the next 2–5 years to ensure they’re compliant. The specific tech areas outlined in the report were: consumer healthtech including wearables; next-gen Internet of Things (IoT); immersive tech like augmented and virtual reality; and decentralized finance.
The ICO warned that:
- Some of these technologies may not be collecting personal information in a transparent manner, especially when info is captured about third parties other than the intended user
- The complexity of these data ecosystems makes it tough for data subjects to understand how info is being collected and how to hold organizations to account
- Some technologies collect more information than is needed for their primary purpose
- Some of the information gathered is highly sensitive (e.g. biometric/medical) and may require additional safeguards
“Crucially, what we’ve seen through our research is that while the technologies and the opportunities organizations are offering are new, the ways to encourage public trust are not,” argued ICO director of technology, innovation and enterprise, Stephen Almond.
“Being transparent about how you’re using people’s data and giving people control over what data is used will be as important in new technologies as they are today.”