Data Protection

DPA compliance - a threat or a promise?

By Victoria Matthews, Head of Legal at QAS

Legislation affecting the conduct of businesses is seldom looked on with affection. It is usually seen as likely to heap additional costs and responsibilities onto companies that already believe they are hamstrung by excessive regulation and too many interfering directives.

This doesn’t mean to say that people are always against what the legislation is trying to achieve. Far from it. Research carried out recently on behalf of the Information Commissioner by the University of Lincoln, for example, showed that 73 per cent of British small businesses wholeheartedly agree that the principles behind data protection legislation are ‘a good thing when doing business’. There is as high a level of awareness of the demands of the Data Protection Act (DPA) as there is acceptance of its necessity.

The problems start when principles stop being just principles and become the cold hard hand of the law. A chill wind will have blown through a few hearts with the news late last year that the European Commission wants, nay demands, that the UK government toughen up enforcement of the DPA. Apparently it’s been giving corporate UK an easy ride on issues like accuracy and security of personal data. So never mind that you appreciate the need for the law, you’d better be able to prove you’re sticking to it like glue.

But don’t just view this as added cost and responsibility. It’s important also to see the DPA, even the newly strictly applied, extra tough DPA, as a way of making your business more effective. Holding inaccurate customer information on a badly secured database isn’t only illegal, it’s daft. It doesn’t just risk the privacy of your business prospects, it’s also bad for business. So don’t just comply because you have to, do it because it makes you more competitive.