Privacy

Most SME’s still do not realise the impact of GDPR and the Privacy Act 2018 upon their business.

The headlines are;

• Unite – The Union – £45,000 fine for 27 complaints covering 57,665 calls with no opt in
• HIV Scotland – £10,000 fine 65 Email addresses not BCC’d, suggesting special category data. 2 complaints
• Your Home Improvements – £20,000 fine 1718 unsolicited calls, 4 complaints
• We Buy Any Car – £200,000 fine for 191.4 million emails, 3.6 million SMS, 42 complaints
• Saga Services – £150,000 fine 128,895,718 messages to subscribers with no opt in.
• Sports Direct – £70,000 fine 2.5 million messages to old subscriber list with no specific opt in.

How would that impact your organisation?

Any of which might cause your organisation to fold so:

If a company commits and it can be proved the breach occurred with the director’s consent, or on account of their negligence, the Director may be guilty of an offence as well as the company. The ICO can levy a fine up to £500,000 against the director personally.

Yet in our recent survey the majority of SME’s had not even registered with the ICO and paid their fee. Data privacy in the SME sector is a mess. Few companies possess the skills to form a Privacy Program and where they do, in house, it is difficult to maintain independence.

Privacy should not rely on meeting compliance alone. Your organisation should have a privacy vision that understands the effect that good policy and transparency engenders in your data subjects as well as generally enhancing your reputation.

IT Ambulance are known for the quality of their managed information security programs and because we take our commitment to Privacy so seriously and this is so entangled with data security, we have taken steps to have Certified Information Privacy Manager skills available to our customers. We have been helping customers build Privacy into their data policies before GDPR compliance was even an agenda item.

Book a consultation today.