You need to protect your computer's data correctly to comply with the law.
Most people I meet at 4N events guess straightaway what we do, as the name is self-explanatory: EZ Backup. But their first question is, “Is it safe? I’d rather have my data where I can see it. I don’t trust the cloud.” Truthfully, my answer isn’t always the same, as when you start talking IT, many people glaze over, so I usually reply, “There are simply NO benefits of not backing up, so if you’re going to back up it’s probably best to abide by the law, as stated in the DPA of 1998 - if you want to know more I would be happy to help.”
And here is the “more” bit:
All businesses generate data of some sort or other, be it information about employees or their customers. Here’s an example:
Ann Jones runs an HR consultancy from a home office with the help of a laptop and desktop computer. Every so often Ann backs up her data to an external drive, which is kept on the office desk, and she also uses Dropbox as an additional storage place. Great! Ann is backing up (at least Ann’s not relying on a USB memory stick), but does her plan meet the DPA? Probably not. So, if Ann hasn’t complied with the law, she will still be liable for any damages incurred and possibly fined up to £500,000 (even prison) by the ICO.
As a business owner, do you really want the worry of losing all your data or being caught not complying with the law? No, of course you don’t, so make sure you understand the key considerations about data protection.
There are two basic parts to correctly protecting your computer’s data and therefore protecting your business. The first part is to physically back up the data (make a copy), and the second is to comply with the Data Protection Act. There is no point just backing up data if you don’t comply, as of course breaking the law is NOT good business practice.
As a guide to compliance, your backup should prevent data loss as a result of the following:
Therefore, do not keep your computer and backup together or use a device with a short lifespan (tape, external drive, USB stick) and make sure you regularly back up your data - once a day is the bare minimum. The easiest way by far to back up data and comply with the law is a cloud backup service. With a good cloud backup plan in place you will address points 1-3, as the backup will be kept at a remote location and all maintenance and security will be taken care of.
The other point that is often overlooked is the location of your backup if you’re using a cloud storage solution. The location of the data is not just a physical matter. US companies that store data, regardless of the location, are deemed to be outside the EU. So, even though some US cloud storage providers will make a point that they store data in Europe, the US government still legally controls it. Be aware that unless you have an agreement in place with your customers/employees to confirm they have given permission for their data to be stored outside the EU, you may also be in breach of the law.
So, doing nothing about your data protection is not an option. If you already back up your data but don’t comply, then it shouldn’t take a great deal of effort to become compliant. Don’t forget that it’s not just YOUR backup plan that is important - make sure your customers and suppliers are as conscientious as you are and comply as well, as security is only as strong as the weakest link.