Topic overview

Data protection and IT

Data protection and IT

The increasing sophistication of mobile devices, data and data collection methods combined with 'always-on connectivity' means IT plays a role in almost every business - no matter how small. As technology has evolved within business, so has IT law and it touches on all sorts of activities, from purchasing IT equipment to the way employees use technology.

IT laws

Most individuals and businesses now have an online 'digital footprint'. We use our  data - be it business or personal - to access everything from bank accounts to email, online shopping and social profiles. The law has evolved to protect the rights and data of individuals and businesses with growing concerns over privacy including the introduction of GDPR (the General Data Protection Regulations) back in 2018.

Other regulations relating to the internet, such as restrictions on 'spam' email and protection for online consumers, have become increasingly important (these are covered in our 'Sales and marketing' section). Most businesses interact with customers online in one way or another, whether through an ecommerce site or social media profile. This means it's important you understand and comply with these and similar rules.

Remember also that other general business regulations can be applied to technology. For example, health and safety laws cover computer use, while intellectual property laws apply to software, databases, designs and copyright material on websites. Likewise, disability discrimination regulations apply just as much to services provided online as to retail premises.

IT contracts

IT systems and services can be complex - and often vital to your business. Whether you're purchasing IT, negotiating IT services or outsourcing some of your IT functions, clear contracts and enforceable service level agreements are crucial.

Establishing your objectives helps you ensure that the contract delivers what you want, rather than technology that fails to meet your needs. Contractual arrangements need to be carefully reviewed to ensure that they take into account technology-specific issues, such as software ownership and licensing.

Thoroughly considered project-management plans help minimise the disruption as new systems and ways of working are introduced. For example, new technology may need to be compatible with old systems or to run in parallel while bugs are ironed out. Again, appropriate contractual agreements can help anticipate issues and reduce risks.

IT policies

An IT audit can help you review how tech and data is used in your business and highlight any potential legal issues that may arise. Developing appropriate IT policies then helps you to manage these risks. They can also make it clear to employees what is and isn't permissible when using company equipment, email, social media and data.

As with other policies, realistic policy design and training are essential. Policies should aim to establish real ways of working rather than simply being exercises in paper-pushing. Technology can help in this - for example, by automating compliance (such as by providing effective data security) and preventing inappropriate use of IT.

Policies and their implementation will need regular review to assess their effectiveness. Policies will need to be updated to take into account emerging technologies, developments in IT and data laws and new ways of working such as online social networking and cloud computing. The right approach will allow you to manage the risks without missing restricting the potential new tech can offer your business to cut costs, increase productivity or increase engagement with new and existing customers.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.