The Information Commissioner's Office (“ICO”) has launched an updated guide to IT security (“the Guide”) together with a new self-assessment tool for data protection. The Guide and toolkit are aimed at small businesses and predominantly focus on the importance of keeping personal data secure. The Guide explores practical ways to maintain a safe and secure IT system through a ten step format. The interactive toolkit helps advise SMEs on the key provisions of the Data Protection Act (“DPA”) and enables businesses to evaluate and improve safety and compliance under the DPA. IT security and compliance with the DPA are of key importance to businesses, particularly in an increasingly digital age and in light of cyber security issues, as non-adherence with the DPA can result in large monetary penalties (up to £500,000) as well as reputational damage and loss of confidence in the business.
The Guide highlights businesses obligations under the DPA and, through a ten-step series of questions and statements, offers a range of practical advice on how to ensure IT systems are sufficiently secure. It encourages businesses to “get in line” with Government schemes and initiatives such as Cyber Essentials and Cyber Street. It also highlights that businesses must consider the security measures of any third parties where work is outsourced. The Guide emphasizes the importance of IT security mechanisms within moveable devices such as phones or laptops and within remote computing facilities such as data within the cloud. Click here to view a copy of the guide.
The self-assessment toolkit
The main focus of the toolkit is compliance with principles of the DPA. The toolkit is designed to assist businesses through a series of interactive checklists and compliance questions linked to further information and advice. The various answers culminate in an overall compliance rating which is accompanied by a traffic light warning system for different sections. The toolkit then offers a detailed list of advice with links to relevant ICO guidance or further information. This can be a good place to start particularly for businesses who have limited knowledge of the DPA and to enable SMEs to self-evaluate compliance and assist them in implementing policies and procedures to close any gaps within the data handling process. Click here to access the toolkit.
Both the Guide and the self-assessment tool are useful tools for SMEs however for any further advice please contact Beverley Flynn, Head of Data Protection, or any other member of the commercial team at Stevens & Bolton.