The ICO has launched a self-assessment tool that will assist small and medium organisations (SMEs) to assess their compliance with the Data Protection Act 1998.
The self-assessment tool, launched at the end of January, covers the key obligations that SMEs have in relation to processing their customers' or clients' personal information. The tool addresses different areas, including records management, data security and direct marketing. SMEs have the option to complete different checklists, in order to tailor their self-assessment to their particular needs and risks.
The self-assessment tool generates an individual report with associated risk ratings, and suggests areas for focus and actions to be completed in respect of these areas.
The ICO recognises that good data protection practice can lead to more efficient customer service and help protect the reputation of a business. The self-assessment tool offers information and practical measures to assist SMEs in complying with their data protection obligations and mitigate their risk of incurring financial penalties from the ICO.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at April 2016. Specific advice should be sought for specific cases. For more information see our terms & conditions.