By Ben Weiner, CEO, Conjungo
The issue of compliance and the importance to adhere were again highlighted this week.
According to Channel finance specialist Syscap, SME’s are at risk of falling foul of the Information Commissioners Office rules about data protection and as a result are facing potentially hefty fines.
Syscap has noted that there have been 68 warnings given by the ICO over security lapses and small firms are likely to be among those caught if there is a crack down currently going on.
"Small businesses are increasingly falling foul of the ICO. It's clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously," said Philip White, chief executive at Syscap.
So far, the ICO has issued 15 fines worth £1.8m in the year to 30 June compared to six fines for a combined value of £431,000 in the previous twelve months.
Part of the problem is the use of emails for marketing purposes.
Email marketing should include your:
- company's name
- physical address
- e-mail address
- registration number
- registration place
- VAT registration number
Consent and Choice
You can only carry out unsolicited marketing (that is, marketing which has not
specifically been asked for) by electronic mail if the individual you are sending the message to has given you their permission.
There is an exception to this rule, which is known as the [/i]‘soft opt-in’[/i], which applies where:
- You have obtained the individual’s details in the course of a sale or the
negotiations for a sale of a product or service to that person;
- The messages are only marketing your similar products or services; and
- the individual is given a simple opportunity to refuse the marketing when
their details are collected and, if they do not opt out, you give them a
simple way to do so in every future message.
- The opt-out option should allow the individual to reply directly to the message
- Individuals can opt out of receiving marketing at any time and you must comply with any opt-out requests promptly.
Unfortunately, this is only a very brief summary so it would be a wise move to investigate further and perhaps take professional advice. Read more here.
Remember that compliance covers a wide range of potential issues and your and your company are responsible for many areas of your organsiation from technology and data security to content and how it is held and secured.