If you’re not sure whether you’re compliant with the DPA guidelines, the chances are you won’t be. Here are a few things to look over when examining your data storage and protection practices.
Do you need to capture and/or keep all that information about your customers?
If you have customer data you don’t need, don’t keep it. You don’t need to be data protection compliant for data you don’t have, so the less you have the better. Delete or destroy any unnecessary data. Invest in a good shredder, or if you choose to burn data make sure you do it safely. Review records regularly to ensure nothing unneeded is kept.
Are you satisfied that the information is being stored safely?
Are your servers and databases secured? What about the tools you use for data transfer? Ensure hard drives and servers are locked away. Make sure a minimal number of people have access to them, and that those people are aware of your company security policies. If data does need to be taken out of the office, make sure it is encrypted before it leaves.
Let the people whose information you hold know that you have it and what you will use it for. If a customer asks for the information you hold on them, carry out checks to confirm they are who they say they are before releasing it. Make an action plan setting out what you would do if a data breach occurred.
To find out more about the DPA requirements visit www.ICO.gov.uk