Today is Data Privacy Day! It’s been taking place annually on the 28th of January since 2007, and this year is no different. As you may have worked out already, data privacy day is all about protecting and maintaining your privacy, especially in the online world. One of the main focuses of the day is raising awareness of data protection requirements and best practices, so we thought we’d talk about some organisations and laws that help to do so.
- If you’re a UK business and store any customer information, you need to register with the ICO
- If a user types payment card information into your website, you are required to be PCI DSS compliant
Data Controllers & The ICO
The Information Commissioner's Office (ICO) is interested in upholding rights with regard to information and does so in the public interest. It keeps track of businesses that are storing personal information (data controllers), deals with enquiries and complaints, and encourages bodies to comply with particular laws such as the Freedom of Information Act and the Data Protection Act.
The Data Protection Act stipulates that “every organisation processing personal information” must register as a data controller with the ICO (unless you are exempt), so make sure you do so if this applies to you! The responsibilities of a data controller cover things such as making sure you’re not holding onto data for longer than necessary, and that you are only recording information for the reasons specified to the ICO upon registering as a data controller.
The ICO can also provide you with help and advice on ensuring you’re upholding your responsibilities as a data controller. We highly recommend filling out the self-assessment provided by the ICO to help you determine if you need to register with them.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is all about certifying that your company is handling payment card data in a safe and secure manner. Its purpose is to improve the security of the online payment process, to the benefit of both the merchant and the consumer. If your website or application accepts, transmits or stores payment card information, then you must be PCI DSS compliant.
There are different levels of compliance which you must meet depending on how many payments you process and the way in which you do so. If you’re using a payment gateway, such as SagePay or PayPal, which redirects users to an external page, then you probably only need to fill out a self-assessment questionnaire to gain compliance. You can find that questionnaire here.
If you don’t meet the standards, then you’re leaving yourself open to the possibility of very hefty fines and damage to your brand image. Setting up and securing your servers to aid in meeting the standards is something that we at Dogsbody Technology are perfectly suited to, so please get in touch if you have any questions or think that we can help!