Nearly one in five small businesses admit to unwittingly breaching the Data Protection Act (DPA), according to research.
The survey by standards body BSI suggests that half of these firms have repeatedly flouted the act, while 18 per cent were not sure whether they had or not.
Two-thirds of the 516 small- and medium-sized businesses polled do not provide data protection training for staff, while nearly half do not have anyone specifically employed to ensure legal compliance – despite the law stipulating that all organisations dealing with personal information must have someone assigned as a data controller.
And 18 per cent of respondents said data protection was less important during the economic downturn, despite the continuing bad publicity surrounding data-loss incidents.
“The five million small- and medium-sized businesses in the UK form the backbone of the British economy. These organisations are handling vast amounts of personal information on a daily basis, and while it is encouraging that some already have appropriate data protection measures in place, this survey shows that there is still a long way to go,” said Mike Low, director of standards at BSI.
The BSI has today launched a new British standard for data protection to help firms achieve best practice and regulatory compliance.
The BS10012 standard provides the framework for effective management of personal information. It can be used by organisations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data, and disclosure to third parties.
“A third of businesses we surveyed stated that the complexity of the legislation restricts their compliance with the DPA,” said Low.
“BS10012 addresses this and many other issues, providing organisations with a framework for maintaining and improving compliance.”