Data Protection is one of those areas where if you ask 10 different people “Do I need to be registered?” you’ll get 10 different answers. So we wanted to clear this one up: As a UK VA, you DO need to be registered.
Already registered? Click here to find yourself on the list and to find your registration number.
Firstly because you will be holding and storing data on your own clients. So that might be as simple as their email address to send them an invoice, or it might even be an all-singing and dancing CRM. It doesn’t matter – you still have a responsibility to them to keep that data secure. And therefore you need to understand what “secure” means and what would constitute a data breach.
Secondly your clients may well ask you to process data on their behalf, and as someone handling that data, you need to know best practice to protect your clients, but also to protect yourself. It is your phone number which will be reported to the ICO if you make unsolicited calls to TPS registered numbers.
Your data handling responsibilities:
- Who is responsible for the security of this data? E.g. removing unsubscribe requests, keeping details up to date, deleting old data, dealing with queries from those on the list about the data, making sure that only those who actually need the data have access to it within the organisation.
- Where has this data come from? E.g. has the contact actively opted in to receive this information?
- Access: Where is it stored? Who has access to that? So if it’s on an old computer, who makes sure it gets digitally wiped before being recycled? Do you make sure that no one else can access their private details (using BCC function/emailing programmes)?
At £40 a year, it’s not a massive financial burden, and it does give your clients confidence in your professionalism.
You can register here: https://ico.org.uk/for-organisations/register/