We live in an ever-changing, data-driven world.
Last year we saw the introduction of NHS Test and Trace, the increased use of sophisticated technologies such as AI and facial recognition. How we work with international partners also changed following the Schrems II decision and the UK withdrawal from the EU.
Personal data is everywhere, and data protection is everyone’s responsibility.
Your company is unique, but one thing you’ll have in common with others is the importance of personal data to your business. The information you hold about your employees, customers or business contacts, such as their names, contact details, personnel files, IP addresses or even their vehicle registration numbers is a key asset which can be used to help your company innovate and grow.
When people share their data with you, they grow that asset. But they’re only likely to share it if they’re confident you’ll protect it and treat it fairly.
Making sure you comply with the UK GDPR is a good place to start and we can help you do this.
How the Information Commissioner's Office (ICO) can help
As Head of the ICO Business Services department, I see first-hand the support my team gives to companies every day, answering enquiries and giving advice about how to improve data protection practices. We’re here for everyone, from sole traders to global corporations.
Whether you’ve been in business a while or are just starting out, good data protection practices are an investment that can maximise the value of data for your company. They make sure how you use people’s personal data works not only on paper, but also in the real world where you need people to have trust and confidence in what you’re doing.
Put simply, good data protection practices make good business sense. Making sure the personal information you hold is accurate and relevant will save you time and money because you won’t need to search for or correct records when you need them. The right information will be where it needs to be.
By being aware of the rights people have over their personal information and giving them more control over how it’s handled, you’ll show that you put customers at the heart of your business and that you care about their information and treat it with respect.
By storing data securely and being responsive to threats which may put your customers and employees at risk, you’ll be less likely to experience the stress and reputational damage caused by a personal data breach.
We apply sanctions to the worst offenders who try to gain an unfair competitive advantage by flouting the rules. But most of our work with small businesses is focused on helping them get data protection right.
Embedding good data protection practices in your day-to-day activities will help you maintain compliance as your business grows. We have a small and medium-sized enterprise (SME) web hub especially for small businesses containing bite-sized guidance, that’s quick and easy to read if your time is limited, and other tools and checklists to help you get started on your data protection journey.
We also help companies who’re looking to register with us for the first time. For most companies there’s a legal obligation to pay the data protection fee. This funds the ICO’s work. Paying your data protection fee means your company details will be added to our searchable public register and shows customers and business contacts that you’re aware of your responsibilities. The fee applies no matter how big or small your company is, although not everyone has to pay the same amount. For most companies it’s £35 or £55 per year, when they pay by direct debit.
You can check whether you need to pay the fee using our self-assessment tool.
For basic steps and tips on getting started with data protection, read the ICO’s top tips for beginners on its SME web hub: Getting started with data protection – top tips for beginners.