Content Updated October 2024
All data or information that relates to an identifiable individual that your business stores or handles needs to be properly protected. From financial information and payment details to contact information for your staff, personal data usage in the UK is protected by law.
We explain why data protection is not just a legal necessity, but crucial to protecting and maintaining your business.
What data needs to be protected?
Information that businesses commonly store, whether employee records, customer details, loyalty-scheme data, transaction records, or data gathered for other purposes, needs to be protected. The aim is to prevent that data from being misused by third parties for fraud, such as phishing scams and identity theft.
Common data that your business might store includes:
- Names
- Addresses
- Emails
- Telephone numbers
- Bank and credit card details
- Health information
This data contains sensitive information that could relate to your current staff and their partners or next of kin; your shareholders, business partners and clients; and your customers and other members of the public.
Protecting all this information in accordance with the Data Protection Act requires businesses to adhere to specific principles.
Does your business or organisation receive personal data from the EU/EEA?
You may receive personal data transferred from an EEA partner. If so, there are steps you need to take now to comply with the rules that apply to such transfers.
Data Protection Act
The Data Protection Act contains a set of principles that organisations, government bodies and businesses have to adhere to in order to keep a person's data accurate, safe, secure and lawfully processed.
These principles ensure data is:
- Only used in specifically stated ways
- Not stored for longer than necessary
- Used only in relevant ways
- Kept safe and secure
- Used only within the confines of the law
- Not transferred out of the UK without complying with the rules on transferring personal data to recipients located outside the UK. You don't need any new arrangements for transfers from the UK to the EEA: the UK government has stated that such transfers are permitted, but this will be kept under review.
- Handled in line with people's data protection rights
This comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV.
The Children's Code
The Age Appropriate Design Code, or Children’s Code, is a data protection code of practice introduced on 2 September 2021 for online services likely to be accessed by children, such as apps, online games and social media sites.
It translates the UK GDPR requirements into design standards for online services so that you understand what is expected of your business. You'll need to consider things like how much personal data you actually need, whether you should be sharing the data and how it might affect a child's privacy.
The ICO offers complete guidance and support to help you to achieve compliance.
Security
The principles set out in the Data Protection Act help businesses ensure that the details of their staff, clients and customers are properly protected.
As an employer and a business manager, you have a duty to ensure that all the personal information you hold is accurate and up to date. You should also confirm it with the party in question (with staff when you create their employee record, or with customers when they sign up to a loyalty scheme, for example).
Following proper data protection procedures is also crucial to preventing cybercrime: keeping banking details, addresses and contact information protected reduces the risk of fraud, such as a client's or customer's bank account being accessed by an attacker.
Non-compliance
The Data Protection Act is a key law within the UK, and failure to comply can have serious consequences. Violating data protection law can see you and your business prosecuted, resulting in harsh penalties. These can include fines of up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher, or enforcement action that could result in a prison sentence.
Ensuring you adhere to data protection policies is crucial as the effects of non-compliance can be devastating for you and your business.