Data Protection and Privacy Law
In the information technology age, protection of the rights of the individual is becoming more and more important and a business ignores the ever-increasing body of laws at its peril.
Navigating the sea of sometimes-conflicting privacy regulations in a commercially effective way requires skill, knowledge and commercially sensitive handling.
NRBS provides comprehensive data protection and privacy services designed to simplify this complex area of law and to ensure your business reduces the risk of falling foul of the laws and of damaging its reputation:
- data protection audits
- data protection compliance
- privacy policies
- US data privacy laws
What does data protection have to do with you?
The answer is: Probably more than you realise. Increasingly, contracts require you to warrant that you comply with the Data Protection Act 1998 and in some cases you won't get the business unless you can prove it - typically by producing an independent Data Protection audit report. Also, breaches of the Act make your business look very unprofessional, expose you to negative publicity and can offend customers. Its onerous provisions have all kinds of effects on businesses: most are not at all obvious. Breaches carry hefty fines and in extreme cases your business can effectively be closed down.
Awareness is key
Information on people is the lifeblood of most businesses and cannot survive without holding this information. If you have information on living beings, even just employees and contacts at companies, that enables those individuals to be identified, you are governed by the Act. That information can be something as innocuous as a name and address or just an email address
Some examples of possible breaches of these complicated laws are:
- sending a marketing mail shot to former customers without their consent
- having people's details in a computer without setting up password-only access
- having a web site where people can register with you but no privacy statement
- giving an employee as a contact in an advertisement without their consent
- computer screen showing personal information being viewable by outsiders
- customer service personnel not trained to do proper security checks before answering a customer's queries about their file or account
- building security "sign in" books allowing people to see who else had visited the building
- sharing your customer database with another company, even a sister company
- holding inaccurate or out-of-date information on people
- taking a laptop with your client list on it out of the European Economic Area
- being a US-owned company and transferring employee details to the US HQ
The list is endless; the lesson simple: you ignore the Act at your peril and at great risk.
Business compliance is straightforward and at relatively little cost. Whilst there is free information on the site of the Information Commissioner's Office (the body responsible for enforcement), it is quite complicated and time-consuming to work through and puts many people off: www.dataprotection.gov.uk.
For peace of mind, think about having a data protection compliance audit carried out. It need not cost much and could make a world of difference.
Other data protection related services include:
- data protection clauses for your employment contracts
- review of legal contracts to ensure compliance with the Act
- staff training in data protection issues, including issue-spotting