Is your company data compliant?

Is your company data compliant? It needs to be. In this era it makes sense to implement appropriate processes and systems for data and document management as a matter of routine.

In the digital age, more than ever organisations hold and process personal data in one form or another, at the very least about their own staff, Customers and/or suppliers.  As a consequence, the Data Protection Act (DPA) is perhaps the one piece of legislation that generates the highest number of compliance challenges for any organisation.

Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the European Economic Area without adequate protection

With the sheer volume of do’s and don’ts incorporated within the Act, it is often tempting just to bury your head in the sand and to focus on the day-to-day business rather than attempting to make sense of the plethora of policies and procedures necessary for all areas of the business to comply.

However, organisations that invest in continuous monitoring and regular audits of their systems and processes, can not only reduce the financial consequences of non-compliance, but can also improve the efficiency of their business operations.

The sending of personal data, whether by electronic or printed means, is not the only way in which it can be put at risk.  Even data that is no longer required by an organisation is considered vulnerable, particularly where that business fails to secure its safe disposal.

The seventh principle of the Data Protection Act states that “appropriate technical and organisational measures must be taken to avoid accidental loss or destruction of, or damage to, personal data” and the consequences of failing to securely dispose of IT equipment can be extremely costly.

Research by the Ponemon Institute in the USA found that business disruption and loss of productivity were the most significant consequences for companies that did not maintain compliance with relevant legislation and regulation.  Therefore, it makes sense to implement appropriate processes and systems for data and document management as a matter of routine.  Effective document management is proven to have a positive effect on a business’s bottom line through smarter, more efficient working and better Customer service.

Article provided by Amshire IT Solutions, Stockport as an Expert Opinion piece