“Dear Commissioner, I’m a sole trader getting close to launching my first business, but I have no idea what I need to do when it comes to data protection. Where do I even begin?” Anne King, Operations Director at the Jersey Office of the Information Commissioner, gives her top tips for what to consider when it comes to data protection for new small business owners.
When getting a new business venture off the ground, we know there are a hundred things to consider and many plates you need to spin before you’ve even had your first customer or client through the door. In Jersey, one of the often-overlooked factors of establishing a small business, whether as a sole trader, as a partnership or limited company, is consideration for the personal data you’ll no doubt be collecting.
Customer information, employee details, even contact or payment details for suppliers and contractors are all data points you’ll need to take responsibility for looking after once you’ve established your business. Under the Data Protection (Jersey) Law 2018, if you are using people’s personal data, as well as a Business Owner/CEO/Entrepreneur/Start-up Extraordinaire, you’ll also gain the swish new title of Data Controller.
Firstly, what is Data Protection and why is it important?
Data Protection is about the fair, transparent and proper use of information about people. It’s part of the fundamental right to privacy – but on a more practical level, it’s really about building trust between people and organisations.
Protecting and caring for people’s personal data is vital to protect their privacy and in turn, their wellbeing. It’s also a legal requirement under the Data Protection (Jersey) Law 2018 (that’s our local version of the European General Data Protection Regulation, also known as the ‘GDPR’). If you don’t look after this information properly, and something happens (e.g. the information is lost or stolen) this can have significant effects for individuals. It can also put your organisation at risk of complaints and investigative action from our office.
Who needs to comply with the Jersey Data Protection Law?
All those who use information about individuals for any reason other than their own personal, family or household purposes, need to comply with the law. The law takes a flexible, risk-based approach which encourages those that use (for example, collect, record or store) people’s personal data, to think carefully about how and why they need it, use it and for how long they need to keep it. You need to make sure you look after that personal data and keep it safe and secure and that only the right people in your organisation have access to it.
Top Tips for Using Personal Data:
» what you are collecting
» why you need it
» how you are using it
» what measures you have in place to keep it safe
People and Data Protection:
Managing Personal Data:
Storing and Assessing Personal Data:
Always remember that we want you to be data protection confident. If you’re in doubt and not sure about something related to data protection, have questions, or need advice, our team at the Jersey Office of the Information Commissioner is available to help you. You can call us on 716530, email us at enquiries@jerseyoic.org or visit our dedicated resource room that includes a variety of handy toolkits, checklists, templates and how-to-guides.
If you have a question to submit for our Ask the Commissioner feature, you can email us at communications@jerseyoic.org and use the subject title “Ask the Commissioner”.