What is expected of businesses

All businesses must ensure that appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data, against accidental loss and against destruction of or damage to personal data.

Financial services in particular are expected to adhere to higher standards. They are required by their regulator to have a written and enforced policy on data security, especially where they are handling sensitive personal data.

You should undertake a risk assessment in your workplace, considering the risks of data falling into the wrong hands, and then outline the steps to be taken to minimise or prevent these risks.



Examples of steps to prevent or minimise risks include:

  • Shredding all confidential waste.
  • Ensuring staff know what is expected of them.
  • Checking the security of your premises.
  • Using strong passwords.
  • Installing a firewall and virus checker on your computers.
  • Using an anti-spyware tool.
  • Encrypting personal information held electronically.
  • Disabling any ‘auto-complete’ settings.
  • Holding telephone calls in private areas.
  • Carefully selecting trusted third parties.