Data protection: managing personal information
One in five businesses admit breaching the Data Protection Act
If your business requires you to store personal data, such as details of customers or employees, then you must comply with the Data Protection Act 1998.
The purpose of data protection legislation is to ensure that personal data is not processed without the knowledge and, except in certain cases, the consent of the data subject. It is meant to ensure that personal data is accurately processed, and to enforce a set of standards for the processing of the information.
As such it is becoming an increasingly important piece of legislation, affecting the day-to-day operation of almost all organizations. Research undertaken by BSI found that 1 in 3 businesses believe the complexity of the Act restricts their compliance, with 1 in 5 admitting that they may have unwittingly committed a breach, not simply by failing to hold personal information securely but by neglect of other legal obligations.
The British Standard BS 10012:2009 (Data protection – Specification for a personal information management system) offers guidance on how to implement a framework with which to effectively manage personal information (a personal information management system, or PIMS). It provides guidance on putting in place an infrastructure for maintaining and improving compliance with the Data Protection Act.
Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which enables effective management of personal information. It can be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.
BSI has also developed BSI Data Protection Online, a tool to help you ensure your PIMS meets the requirements of the standard. It offers access to a library of updated guidance and relevant case studies.
Personal data is one of your most valuable assets. Through effective management, your organization can benefit, not just by reducing the risk of non-compliance with your obligations under data protection legislation, but also by finding opportunities to deliver better value to your customers. By becoming more confident in how you manage customer data, you can in turn gain their trust.