New powers, designed to deter data breaches, came into force on 6 April 2010. The Information Commissioner’s Office (ICO) can now order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act. The power to impose a monetary penalty is designed to deal with the most serious personal data breaches and is part of the ICO’s overall regulatory toolkit which includes the power to serve an enforcement notice and the power to prosecute those involved in the unlawful trade in confidential personal data.
The number of data breaches reported to the ICO has now exceeded 1,000. While this may sound like a lot, these reported breaches are a drop in the ocean compared with the undisclosed breaches that occur every day as a result of insufficient information security controls and human error.
Don’t be the next breach reported to the ICO: avoid a £500,000 fine!
So you know that you have to comply with the Data Protection Act, and you know that the penalties for non-compliance are far tougher than any seen before.
The first thing you need to do is identify your current level of conformance. The DPA Compliance Assessment Tool will help you do this: it provides recommendations and offers guidance to help you close any gaps that are identified.
Once you have identified exactly what you need to do in order to become fully compliant with the DPA, you will find the DPA Compliance Documentation Toolkit invaluable. It includes fully customisable templates for all the documentation that any UK data controller (or any other UK organisation responsible for personal information) needs when seeking compliance with the UK Data Protection Act 1998.
The Assessment Tool and the Documentation Toolkit will enable your organisation to become fully compliant with the DPA. However, to make the process easier and to provide supporting guidance, we have bundled them together with two pocket guides and a set of posters.