Data Protection Self Assessment Toolkit for SMEs
The toolkit includes a checklist for different areas of data protection compliance, i.e. data sharing and information security. Guidance is provided to assist with responses to the checklist. On completion of the checklist, a compliance rating is generated, with suggestions for how compliance may be improved.
The purpose of this toolkit is to help companies remedy compliance gaps to avoid data protection breaches and subsequent action by the ICO. Remedying these gaps may also result in more efficient customer service and the protection of a company’s reputation.
The ICO may take action against individuals and organisations that collect, use and store personal information. Sanctions include non-criminal enforcement, criminal prosecution and audit. The ICO may impose a monetary penalty on a data controller up to £500,000.
Organisations or individuals that process personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.