Small firms ‘confused’ by Data Protection Act

 

Small and medium-sized enterprises (SMEs) are still confused by the Data Protection Act – nearly ten years after it first came into force – a new survey has revealed.

 

According to a study commissioned by Invu and conducted by YouGov, almost one in four small businesses do not fully understand the legislation and, as a result, fail to comply with its stipulations.   

 

Introduced in 1998, the Data Protection Act gives individuals in the UK the right to know what information is held about them by an organisation. Firms that fail to comply with a request for personal details within 40 days risk receiving a fine from the Information Commissioner’s office.

 

Yet despite the potential penalty, almost one third of YouGov respondents said they did not realise the Act covers both paper-based and electronic personal information.

 

‘The premise of the Data Protection Act is very solid but implementing and managing it is not quite so clear, so it's little wonder that many SMEs are confused,’ explained Invu Chief Executive Officer David Morgan.

‘Small to medium-sized businesses often don't have the time, budget or resources to ensure that they are totally compliant with legislation, so they can often take a ‘head in the sand' approach.’