Blog details

The ICO advises SMEs to ensure good data protection practices

The ICO advises SMEs to ensure good data protection practices

The UK’s ICO has issued a statement where it advises SMEs to ensure good data protection practices and provides other valuable recommendations. 


The UK’s ICO has produced a guide to help businesses understand their new obligations under the GDPR and to prepare for them. In the advent of Data Protection Day, the ICO has issued a statement, advising the UK’s approximately half a million small to medium enterprises to ensure good data protection practices, so as to save resources and establish trust with customers. In this statement from the ICO, SMEs are advised to have regular check-ins with the ICO, and are given some clear tips to achieve the best data protection practices. 


The ICO reinforces the importance of good data protection procedures for small and medium enterprises.

The ICO urges the SMEs in the UK to review their data protection procedures before Data Protection Day. A company’s standing in the market can rise thanks to good data security policies. According to a recent poll conducted by the ICO, 91 per cent of respondents were concerned that their personal information would be sold to third parties without their knowledge or agreement, and 87 per cent were concerned that a corporation would lose their personal information. The purpose of data protection legislation is to guide businesses on how to handle customers’ private data lawfully and transparently. Good data protection not only satisfies the law, but also makes sound financial sense. It helps companies save money and effort while assuring customers that their data is handled properly. 

Chief Operating Officer, Paul Arnold, in a recent statement said “Data protection compliance is not a barrier to business success and the ICO is here to help. For example, we want to empower businesses and organisations to ensure their email marketing databases are working as hard as possible to reach the right customers, lawfully, every time.” The ICO is keen on helping small businesses take advantage of the opportunities available in the digital economy. The ICO seeks to help all SMEs understand how their data is being used and what steps they can take to protect it. 

ICO offers a list of valuable, applicable tips to new small and medium-sized enterprises in the UK.

In its recent statement, the ICO suggests that businesses begin by making a list of all the personal information they currently have or plan to collect, as businesses need to be able to account for all personal data being collected and stored. Businesses should also be able to account for the reasoning behind the collection of each piece of personal data, ensuring that all data collected is absolutely necessary for its purpose. The ICO urges business to prioritise transparency and solid security measures, ensuring that security measures line up with the sensitivity of the information being held. Businesses are advised to have a data breach action plan in place in the event that personal information is compromised and to regularly check in with the ICO for further guidance on maintaining and improving data protection procedures. The ICO has also highlighted the importance of knowing how to handle data subject access requests, and has provided a brief step by step guide for businesses and organisations

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Prev post
The Importance of the GDPR in 2022: Continuous Regulatory Enforcement
January 26, 2023
Next post
Creation of an artificial intelligence department at CNIL
February 2, 2023