Data protection and information security have always been a priority for startups, and recent media coverage has made the cost of getting it wrong hard to ignore. Data breaches at high-profile companies around the world, combined with the proposed new EU Data Protection Regulation, have raised awareness and encouraged startups to take data protection more seriously.
Data protection in the UK is governed by the Data Protection Act 1998. As a business it is vitally important to comply with it, because the Information Commissioner's Office (ICO), the body responsible for enforcing the Act, has significant enforcement powers, including monetary penalties of up to £500,000 for serious breaches of the data protection principles.
Most relevant to startups is that the Act covers personal data about living individuals that is processed on computer or held in an organised filing system. It gives people the right to know what information is held about them and to obtain a copy of it through a subject access request. So, if you hold personal data about individuals, whether customers, prospects or your own staff, the Data Protection Act applies to you.
Here are three important things for startups to keep in mind when it comes to data and information security compliance.
#1. Stay away from security hardware as much as possible.
Today, you don't need large IT budgets and racks of hardware to protect your data and digital assets. Cloud-based "managed security as a service" offerings are available to startups for a generally low monthly cost, and they are capable of meeting demanding security requirements.
Your startup can outsource much of the technical security work to cloud providers. What you cannot outsource is accountability: under the Act you remain the data controller, the provider is a data processor acting on your instructions, and you must have a written contract with them and take reasonable steps to check that their security is adequate. You also remain responsible for where the data is stored, because transferring personal data outside the EEA is only permitted where adequate protection is in place.
For example, Salesforce is a CRM tool whose hosting, patching and infrastructure security are handled by the vendor. By using a service like Salesforce, you avoid building and maintaining expensive internal systems for data management, and the application scales with your business as you grow. You still have to configure it properly: restrict who can see and export customer records, remove access promptly when staff leave, and keep a record of what personal data you hold in it and why.
#2. Maintain IT Visibility and file sharing guidelines.
Regardless of your company's size or life stage, it is imperative that whoever runs your IT maintains visibility over what your employees are doing with company data and which tools they use to store, sync and share it.
At a minimum, your company should establish data security policies that include guidelines for file sharing. Consumer cloud sync-and-share tools are a common source of trouble: an employee who installs one simply to work from home can, without realising it, copy customer data to personal devices and accounts that you do not control, cannot audit and cannot wipe. Decide which sharing tools are approved, make them easy to use, and check periodically that nothing else is in use.
#3. Be sure to train your employees on data protection regulations and compliance.
Many startups today operate virtually, with employees scattered across different regions and time zones. Training all employees in cyber security doesn't have to take a lot of time or money, yet it is essential.
Talk to employees about using only trusted WiFi networks, keeping control of all mobile devices, and using strong, unique passwords. Laptops and phones that hold company data should be encrypted and able to be wiped remotely, so that a lost device is an inconvenience rather than a reportable breach. Security incidents are often the result of human error, usually unintentional and rooted in an employee's everyday technology habits.
Teaching good habits goes a long way towards protecting your company's data in the long term.
About the Author
Keir McDonald MBE is Chief Executive Officer and Founder of EduCare, an online training solutions company that specialises in short, jargon-free sessions on essential business topics. The company's training programmes for businesses are all written or endorsed by subject matter experts, including Skills Platform and EdNext.