What is Data Protection and why do you need it?
Data Protection – we’ve heard so much about it recently.
From high profile news stories covering data breaches from $billion organisations such as Facebook; to malware attacks on the small business, there’s never been more data in the world, and it’s under threat.
Failing to protect data is now seen as a serious breach of the law and trust in an organisation. As ICO Commissioner Elizabeth Denham quoted in relation to the Facebook Cambridge Analytica scandal ‘data crimes are real crimes.’
Exponential rise in data
The number of people subscribing and posting to social media channels is constantly on the rise. We invite people to like our personal data, but equally expect it to be secure. The number of Tweets sent, photos uploaded on to Instagram, and YouTube videos watched per minute is staggering. Worldwide Google searches currently top 3.5 billion per day worldwide.
What is Data Protection
With so much of our information on the internet, what is in place to ensure it’s safe? What is data protection and why is it so important?
Data protection simply means guidance on how personal or business data is controlled or handled, enforceable by law. Any business that uses or collects data of any kind needs to comply with data protection. That means practically all businesses. As a data controller, the correct way businesses data is stored, handled and shared must also be carefully considered. Adequate safeguards need to be in place to protect data, and all staff briefed on what steps to take if a breach has occurred.
The Data Protection Act 1995 set out 8 principles. At this stage, the internet was still in its infancy, so simple and practical guidelines were outlined to steer companies to how to comply with data protection. The act also applied to the storage of paper records and how they were maintained, stored and destroyed
Introduction of GDPR
In the 21st Century it became apparent that a revision of the guidelines was needed to regulate amount of personal data that companies hold more securely. As email has become an essential part of our work and private lives, this method of communication also needed to become more secure.
As data can be passed between several countries, it was proposed that an EU wide regulation was required, which also has an impact on non-EU countries. The General Data Protection Regulation (GDPR) has brought significant revisions to the law are points such as the right to have your personal data erased if you request it, giving the consumer greater control over their personal information. See more about GDPR here.
How to comply
Taking simple, common sense steps in relation to data handling is essential in the new millennium. There are many ways you can protect your own data too, such as regularly changing passwords for email accounts and encryption company documents.
Much of the data protection regulations stem in maintaining virtual data, but in relation to data protection of paper records, the same principles apply. Maintaining accurate records, ensuring your filing system is robust and documents can be easily located, not to mention only keeping documents as long as necessary are all elements of the law that must be constantly reviewed and regulated. Shredding documents that are no longer required or archived on a backup system such as the cloud is the most effective way of managing data.
If you need help maintaining or shredding your paper records, please contact The Shredding Alliance for a quote.