ICO’s Toolkit for SMBs

The ICO has launched a new tool for SMBs to asses their compliance with the Data Protection Act, but what is it? How will it help your business? Read on to find out more.

The Information Comissioner’s Office (ICO) has launched a new “Toolkit” aimed at Small to Medium Businesses (SMBs) to help them asses their compliance with the Data Protection Act, and recommended practices.

The ability of the ICO to undertake data protection audits, advisory visits or workshops for all the organisations it regulates is obviously limited by its resources. Therefore, the objective of the self-assessment toolkit is to give more organisations the opportunity to evaluate and benchmark their own DPA compliance without the direct involvement of the ICO.

From the full user guide

The Toolkit is formed as a quiz, with different categories that you can add to your checklist to personalise the toolkit. The categories are as follows:

  • Data protection assurance
  • Records management
  • Information security
  • Data sharing & subject access
  • Direct marketing

You can chose to quiz your business on just one, or all of the categories. Within each category, there are statements which you agree or disagree with. At the end of the assessment you have a breakdown of each statement and suggestions to improve on your answer. If you answered them all with “Successfully implemented” you will have a satifying page of green bars!

How could this help your business?

The ICO said the new toolkit “provides handy links to relevant guidance and further information, and will generate a rating based on responses”.

Information Commissioner Christopher Graham said:

“Good data protection practice makes business sense. It can lead to better, more efficient customer service and help to protect and enhance your reputation. It could also help you avoid a fine from the ICO.”

Testing of the toolkit brought very positive reviews:

Peter Black from consultancy Newton Europe Limited, said:

“The tool was very simple to use but provided a wealth of information. This is a great tool for a beginner or an experienced information practitioner. The toolkit has highlighted weak spots with our information security that we will now work on.”

Lana Roy from the Conservation Volunteers, said:

“This is a great way to make sure we are constantly evaluating our policies, procedures and training. It will help us to make sure we have everything in place for compliance.”

After reviewing your data Protection practices with the ICO’s Toolkit, Topwood Recommends reading these articles:

Reviewing your data destruction policies

Review your shredding supplier

Related Articles:

Why use a shredding service?

Document Shredding

What is the Data Protection Act ?

How long should I keep documents for?