Topic overview

Business data protection

Business data protection helps secure customer details, financial information, sales figures and other key business data, protecting one of your most important assets.

Good business data protection protects your valuable information, as well as ensuring you comply with relevant data protection rules and legislation. You should think about business data protection alongside your backup options to ensure your data is safe, even if you suffer a data protection breach or the loss or breakdown of your IT system.

What would a data protection breach cost you?

Problems with data could cost your company. For instance:

  • Your reputation could be damaged if customer data was leaked to a competitor.
  • Failure or loss of your customer database might leave you unable to carry out sales and marketing activity.
  • Failure to adhere to data protection rules could result in legal action and a substantial fine.

You need safeguards, policies and systems to stop a data protection breach.

Practicing good business data protection

The first step to ensuring good business data protection is to identify all the data in your business and where it's stored. Consider every place your data may be held. It is increasingly likely that company data is also held outside your main IT system, on mobile devices or cloud services. Once you have identified all the data you hold, you can then evaluate its sensitivity and decide what steps to take to comply with data protection rules.

It's important you keep data accurate and up to date. Maintaining outdated records can be as bad as having no data at all, so implement procedures for regularly reviewing and updating records.

Duplicate records can be problematic too. You might end up mailing customers twice, or be unable to build up a picture of people's purchasing history. Many database systems allow you to identify duplicates automatically.

If you store data about people - like customers or employees - let them view the information you keep and indicate how they'll allow you to use it. Many businesses do this by establishing an area on their website where customers can log in, update their details and indicate their email marketing preferences.

Data protection rules

The Data Protection Act 1998 is the key piece of legislation relating to how your business stores and uses data. It applies to any personal information you store about living individuals.

If the Act applies to your business, there are a number of steps you must take to comply with the data protection rules. Notably, you must:

  • tell the Information Commissioner's Office that you process data
  • tell people how you use the data you store about them and let them see it
  • let people opt out of having their data used by you
  • keep the data secure and up to date
  • only keep the information for as long as you need it

Complying with the Data Protection Act is largely common sense, but you should seek advice if you're at all unsure about your obligations.

Good business data protection

Put systems, procedures and policies in place to reduce the chance of a data protection breach. In particular, make sure sensitive data is well protected:

  • Store data securely. Control user access levels so only people who need access to that data can view and edit it.
  • Don't release data to the wrong people. For instance, run a security check before talking to customers about their accounts.
  • Be very wary when copying or transferring data. Encrypt data before sending it outside your business.
  • Don't store important data where it can be easily stolen or lost. For example, don't store a list of customer addresses on your laptop.

Ultimately, you need to create a culture of responsibility to ensure strong business data protection. This doesn't just mean writing procedures for your staff to follow. It also means offering guidance and training so they understand why data protection rules matter.