The Information Commissioner’s Office (ICO) has launched a data protection self assessment toolkit for small and medium sized enterprises (SMEs) on its website. The new tool is designed to help SMEs evaluate and improve their compliance with the Data Protection Act 1998 (DPA).
The tool incorporates checklists for various areas of data protection compliance which can be assessed independently or in combination with other areas, including data protection assurance, records management, information security, data sharing and subject access, and direct marketing. Background information and guidance is provided to assist with checklist responses. A compliance rating is automatically produced upon completing assessments, along with detailed suggestions and links to relevant ICO guidance for areas where compliance could be improved.
The tool is a helpful starting point and reference guide for data protection compliance for SMEs and should assist with identifying compliance gaps and the next steps to remedying these, so that DPA breaches and enforcement action by the ICO can be averted.