Arrow back

Why Businesses Must Take the Data Protection Act Seriously

02 January, 2020

Thee Data Protection Act, originally signed into law in 1998, has had a profound impact since its introduction over 20 years ago.

Rewriting the rulebook for how businesses process data, the Data Protection Act 1998 ensured that customer data is given appropriate value within organisations. In 2018, it was brought up to date to incorporate GDPR and ensure that it meets the demands of the digital world we live in.

Far from an abstract threat to an organisation, the Data Protection Act is actively pursued by the ICO, and can result in massive financial and reputational damage if not closely adhered to.

In July 2019, the ICO served an £80,000 fine to a London-based property company for failing to implement access restrictions when transferring financial data of both landlords and tenants.

They aren’t the only organisation to recently fall foul to the Data Protection Act 2018, either. In October 2018, Bupa was fined £175,000 for failing to prevent a massive data breach, which compromised the personal information of up to 108,000 international health insurance companies.

What Should Businesses Do to Protect Themselves from Falling Foul of the Data Protection Act 2018?

Inevitably, information will have to be shared within an organisation, so simply not handling data isn’t an option.

Instead, organisations should ensure that everyone within the organisation is aware of the kind of data being handled and the repercussions if this data is breached. No one wants a Data Protection scandal lingering over their heads.

First and foremost, businesses need to be aware of the seven principles of the Data Protection Act. These principles are the cornerstones of data protection and ensuring that data is not lost, stolen or copied without consent.

If those at the top of the tree aren’t aware of and on board with these principles, then it will be impossible to spread the message down to employees. This is where many companies fail.

Data Protection needs to be seen as a serious issue and not an afterthought to fill quotas.

The human factor should not be underestimated. With this in mind, businesses must ensure that their staff are trained in the principles of Data Protection. Failure to do so could lead to sensitive information being leaked, which will damage the organisation’s reputation and could lead to financial consequences.

Bob’s Top Data Protection Tips:

  • Make sure that whoever is in possession of the data understands they are responsible for it.
  • Do not throw away data in the bin unless it is securely locked or it has been shredded.
  • Encrypt all your sensitive data - use two-step authentication to add an extra layer.
  • Always verify a customer’s identity when a request for personal information is made.

Our Data Protection training module ensures all staff are aware of every principle of the Data Protection Act so they handle data with care.

The module walks users through different types of data, the precautions that need to be in place and how they should dispose of information once they have finished with it. End-users must be aware of the principles that make up the backbone of the Data Protection act, so our bite-sized module is the perfect solution.

To learn more, get in touch with a member of our team or buy our data protection course online.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance