ICO launches Self-Assessment Tool and IT Guidance for SMEs

The Information Commissioner’s Office has recently launched a self-assessment toolkit aimed at small and medium-sized enterprises and updated its IT guidance to promote compliance with the Data Protection Act 1998.


The toolkit takes the user through a range of scenarios and checklists to test compliance. The areas covered include data protection assurance, records management, dealing with subject access requests, information security, data sharing and direct marketing.

By providing an overview, it helps the user to navigate what can be a complicated area of the law and obtain an assessment of their compliance with the Data Protection Act. It is also an important tool because it helps a business to consider some of the data protection risks that currently exist and how to minimise them before something goes wrong, such as a data security breach or a complaint to the ICO because, for example, a subject access request has not been dealt with properly.

IT Security Guidance

The ICO’s A Practical Guide to IT is another important piece of guidance, specifically targeted at SMEs, with a view to providing advice on how to keep IT systems safe and secure. With more and more electronic data being collected by businesses and data security breaches affecting the biggest businesses, no matter the size of your business you could be affected by a breach if your system is not secure.

The updated guidance deals with the latest threats that could affect your business, and aligning your practices with it means that you will better protect yourself and your customers. It looks at securing data in the office and on the move, securing data in the cloud, backing up data and providing training to staff, among other practical steps. Taking action means that you are minimising the risk of being fined by the ICO, which can be as much as £500,000.

Forbes Solicitors regularly advise a range of businesses in relation to data protection law and practice. This includes reviewing policies, providing training, providing assistance with subject access requests and conducting data protection audits. If you have any questions, please contact Daniel Milnes.

Nat Avdiu

About Nat Avdiu

Nat Avdiu is a Paralegal in the Contracts and Projects team at Forbes Solicitors. Nat provides updates for clients on a range of issues including: governance, data protection and freedom of information, procurement and charity law.