Data Protection Act misunderstood by small firms

Smaller businesses are failing to get their heads around data protection

Small and medium businesses are risking hefty fines for non compliance with the Data Protection Act, a new survey has revealed.

The research, commissioned by Invu and conducted by YouGov, revealed that nearly one in four British small or medium organisations are unsure or do not believe that their company is compliant with the act, which gives individuals in the UK the right to know what information is held about them by organisations.

The Data Protection Act, introduced in 1998, is designed to give the public greater protection over how their personal information is gathered, stored, shared and maintained by a range of organisations. Companies who do not comply risk receiving a hefty fine from the Information Commissioners Office, who is charged with policing the Act.

Yet despite this, the Invu survey shows that small firms don’t really understand the Data Protection Act. As a consequence, they are failing to adhere to the legislation – nearly one third of respondents stated that they did not realise that the act also covers both paper-based documents and not just those held electronically.

According to the Data Protection Act, when an individual requests information, every organisation, regardless of size, is legally obliged to share all necessary details within 40 calendar days.  But the research found that 51 per cent of respondents did not know that they have to reveal personal data about an individual held in any filing system within that timeframe.

David Morgan, chief executive of Invu, said it was no surprise small firms were confused and claimed government has a role to play.

“Small to medium sized businesses often don’t have the time, budget or resources to ensure that they are totally compliant with legislation, so they can often take a ‘head in the sand’ approach.”

“The Government needs to take stock and ensure that organisations of all size understand and adhere to the Data Protection Act.”

© Crimson Business Ltd. 2008


(will not be published)