Every business uses data. If that data is of a personal nature then the collection and use of that data is covered by the Data Protection Act, and there is no exemption from the Act based on the size of the business.
The Act defines what personal data can be held by a business, the circumstances under which that data can be held, and also the uses to which it can be put. It also imposes on those businesses a duty to safeguard that data. Misuse of personal data, including unauthorised access, can prove to be expensive, and this cost could increase in view of recent Court decisions which have confirmed that it is not a requirement to show financial loss before bringing an action against a business under the Act.
A recent survey in December 2015 found that over half of small businesses considered that they were unlikely to be the target of a cyber security breach, rising to over two-thirds among businesses that had not suffered a breach. The reality, however, is somewhat different. Of all small businesses surveyed, over 60% had suffered a breach, with half of those breaches being in 2014 and 2015.
Equally important is the attitude of the clients of those businesses. Nearly two-thirds felt that cyber attacks will increase in the future, and four out of five were concerned about which businesses had access to their data and whether it was safe. Over 90% of consumers said that news of cyber breaches increased their concerns.
Those concerns are certainly not misplaced. Over 10% of small businesses admitted that they had taken no steps to protect their data!
The survey found that the average cost of a claim against a small business under the Act is about £75,000. It also found that:
- 25% of businesses suffering a breach received negative reviews on social media and/or negative coverage in the media;
- 29% of those businesses found attracting new clients more difficult;
- 30% of those businesses lost clients;
- 31% of those businesses suffered damage to their brand; and
- 81% felt that their reputation had suffered.
This is an area that should be of concern to businesses of all sizes. There is a lot of guidance and advice on the Information Commissioner’s Office website (https://ico.org.uk). There are also commercial websites, such as www.dataguardsman.co.uk, which walks you through, in easy stages, what you need to do to become safe and compliant. Its free-to-use first module is essential for all small businesses.