Business Essentials

Data and Security

Every type of business will collect and hold some forms of data, such as customer information, employee records and financial information. Data and security are important and there are some fundamental areas for you to consider when developing your idea and running your business. 

 

Data

Data can be a big and scary topic with lots of misconceptions floating around, we have covered some areas for you to consider when starting your business.  If you want to find out more or gain specific advice for your situation the Office of the Data Protection Authority runs regular free drop in sessions, click here to find out more.  

A good first step is perform a data protection audit, this simply put is identifying all the data you hold and where you hold it, e.g. on a laptop, on a mobile device or on a cloud platform, like google docs. From there you can evaluate the sensitivity of the data you hold and take steps to comply with data protection law.  

What data you hold

You should only hold the data that you need in order to operate your business, for example you may hold a list of customer names and addresses for invoicing but not hold unrelated information. You are legally obliged to tell people how you use their data, and allow them access to the data about them so that they understand what you’re doing.  

If you are using personal data from your customers, suppliers, staff, etc. to do something for your business you need to be sure the data you are using is: 

✓ Secure 
✓ Accessible 
✓ Accurate 
✓ Fit for purpose 
✓ Has been obtained and used legally 
✓ The people whose data it is knows you have it and what you’re doing with it. 

How you store the data

No matter whether you store your information digitally or in paper form you should keep all information securely. You should control access to the data stored so only people who need to access that data can view and edit it.  

Keeping data

Depending on what data you store, will depend on how long you will need to retain the data for.  So it is important you carry out an audit of your data to understand the collection, process and storage for each type, for example, customer information, financial data, medical data, etc.

Data protection says ‘no’

To be clear, data protection legislation does not aim to stop any particular activity. 
Myth: “I can’t do that because of data protection.” 

Quite the opposite, it exists to facilitate the safe, legal, and proper use of people’s data. 
Reality: “I can do that as long as I treat people properly.”

Content taken from ODPA's The Feel Good Guide To Data Protection

Treating people well

Myths, confusion and misunderstandings swirl around data protection. But at its heart, it’s very simple indeed – data protection is about treating people well.  In some people’s minds, data protection is: optional, an inconvenience, a burden, a barrier.  Others see it as: a pre-condition to good business practices, a framework for the fair treatment of people, and an enabler of innovation.  Regardless of your personal view, the undeniable reality is: 

data protection = people protection 

Its aim is to ensure people are treated fairly and lawfully, protecting them from harms that can arise from their personal data being mis-used.  Data protection legislation (globally) provides the legal framework and protections for people and their data, recognising that it matters how people are treated.

 

Content taken from ODPA's The Feel Good Guide To Data Protection

The knock-on effect of a data breach can be devastating for a company. When customers start taking their business - and their money - elsewhere, that can be a real body blow.

Christopher Graham - Former UK Information Commissioner

Security

You might be inundated with cyber security tips, email advice and training telling you what to look out for but make sure that you always stay alert as methods for tricking people into giving access to data are developing and getting more and more sophisticated, here we have identified some top areas for you to consider. If you would like more information visit our business directory here which includes a number of local IT and Security businesses who can assist.   

Back everything up

You should always regularly back up your data to prevent any loss in the case of a Most companies will back their data using cloud storage and back a second copy up on an external hard drive. It is advisable to back up your data onto two separate devices to ensure no data is lost.

Protect against physical theft

One of the highest risks of people stealing your data is to physically steal your device. Make sure you keep your equipment locked away when not in use and always enable passwords and security measures on all devices in case of theft.

Cyber attacks

One of the most simple and effective methods for keeping safe against the threat of a cyber attack is to install and keep up to date security software on your devices. This will help keep you safe from viruses, malware and other online threats.

Arrange IT support

If you do not feel comfortable managing your own IT systems and equipment you may look to outsource this to an IT support provider, often this will be cost-efficient for small businesses.

Further training

There are a large number of online course for cyber security which are free to access, if you prefer a face to face training method many IT support companies will also be able to provide training in any areas where you feel you need to develop your knowledge. Visit the business directory to find out more about the companies who provide this service.

Further Information

Specific resources on data security from the Data Protection Tea Break Podcast: 

Cyber Security and Smart Devices


The ODPA's introductory area is a great starting place for new business owners and includes a link to download their Feel-Good Guide to Data Protection: 

Beginner's Area


The ODPA hold regular virtual events, you can find recordings of events available here:

ODPA Events

Need more information? Talk to a Security expert

View our Service Directory

You May Also Be Interested In

 

Payment Gateways and Platforms

 

The Startup 101 Booklet

 

Getting lost in data, the ABC's of effective decision-driven marketing