What does this mean for my business?
It means that if you are collecting ‘Personal Data’ of customers, employees, or volunteers then you need to take the 6 Principles stated above into account. Regarding your IT Systems, principle 6 is the major influence.
The security of that Personal Data has got to be one of your highest priorities as a business. The fines for not providing adequate security of customer personal data can be 4% of the business's global annual turnover. In some cases, this goes into the many millions of pounds.
Do not stress too much: there are things you can do to help you protect that data. There is a security framework called Cyber Essentials which helps businesses make changes to improve their security profile.
Follow this link to learn more about Cyber Essentials
Information Security Policy Documents
As the business owner, you should also write an Information Security Policy which should be made available to your customers and staff. This will show that you are committed to doing the right thing by them and will give them confidence you know what you are doing with their personal data. The EU GDPR mandatory documentation is a large list of documents which will help your business comply. Our GDPR Section is under construction.
TechSecScot is no longer contracting as a Compliance Specialist but has provided lots of information on this website to help you.