
After attending the open cloud keynote at Microsoft Future Decoded 2017, it is astonishing how Microsoft and its old enemy Linux have become friends.

Let’s be clear how much things have changed – in 2001 Steve Ballmer said that:

“Linux is a cancer that attaches itself in an intellectual property sense to everything it touches”

Now we have this:

This is a penguin that, back in 2001, Steve Ballmer would have ripped the heart out of and eaten.

While it is astonishing to witness such a shift in views from Microsoft towards its former rival, it makes sense. With the birth of major cloud providers and the types of services they offer, the competition has changed. Microsoft is no longer worried about little things like operating systems, making phones or competing with the likes of Oracle – and why should they be? Microsoft, Amazon and Google are the major cloud players, and the more inclusive they are, the better the services they can offer.

This is why 40% of VMs in Azure are Linux and this number is growing. After all, for things like number crunching and High-Performance-Computing you can’t beat a bit of Linux, which is probably why Microsoft are rapidly becoming a leading contributor to all things Open Source. For example, they work closely with Ubuntu to ensure that the Linux operating system is optimised to run in Azure’s Hyper-V environment, and they are now the number one GitHub contributor.

If Microsoft had refused to incorporate Linux into Azure, I don’t think it would be one of the market-leading public cloud providers that it is today. Well, they would have 40% fewer VMs for starters.

So, what does this mean for us? Well, it means that more people are working together to give us access to the best technology. Technology that most of us would never have had access to and now we can rent for a few shillings an hour. It is truly an exciting time for technology.

If you would like to talk to an expert about harnessing the power of the cloud, get in touch today.


You may have heard this topic shouted from the rooftops in certain circles and spoken in hushed tones in dark server rooms in others. Despite complex and conflicting opinions, a company’s view on data centre modernisation boils down to knowing what it means and how forward-thinking their digital strategy is.

All companies strive to be ‘innovative’. With so many claiming to offer the same, how can you distinguish yourself? Though some may be hesitant to embrace change, a modern data centre will help you become innovative. Here’s how.

It can’t be denied or ignored that the world is becoming more digital. To fight the competition (and prevail) you need to be on the front foot with your technology, to ensure you have the upper hand as the business and technological landscape around us develops.

What does a modern data centre have to offer? The answer is lengthy and will always continue to change, because a modern data centre is always at the bleeding edge of technology. A virtualised infrastructure was once classed as the modern data centre (and is still a key factor now), but many technological advancements have happened since then which businesses need in order to flourish and stay ahead of the game.

To achieve this, some form of cloud must be used, because there is no way for businesses to gain access to these technological advancements without it. Unless you have similar technical expertise in-house and a budget of equivalent size to Microsoft, Amazon or Google, you will not even get close to what others are doing in that space. If you can’t beat them, join them.

The 4 benefits of data centre modernisation are:

1. Autonomy of scale

Autonomy means freedom from external control or influence. The ability for a business to scale is key: all businesses want to grow and fulfil their potential, and this can be hindered if your IT doesn’t allow it to happen easily. When talking about IT scale, you also need to be able to scale down as well as up, because all businesses experience fluctuations based on market trends, seasons and so on, meaning your IT does not always need to be at full pelt during low periods when the demand isn’t there. If you can’t scale down, you’re just burning money and reducing your overall profit that year when you could be allocating further resource where the business needs it.

2. Reduced Management

Businesses that excel are the ones that innovate. How can you disrupt like Uber and Airbnb if the people who know what’s possible are always too busy keeping the lights on and maintaining rather than innovating? A modern data centre removes as much maintenance and administration as possible, from reducing the amount of hardware you have onsite to removing the need to manage everything but the application itself. This will free up staff’s time to focus on the innovation required to beat your competitors.

The best way to sum this up is ‘Pizza as a Service’. It becomes cheaper and less time intensive when you move from on-premise to SaaS. 

You do manage the knife and fork, but people tend to like feeding themselves.

This analogy for common cloud services known as IaaS, PaaS and SaaS demonstrates how a modern data centre reduces the amount of input required from your business to obtain a service. In the image below you can see how much time, money and effort can be alleviated from IT.

3. Security

Security is often an objection to utilising cloud services, but in most scenarios it is a key reason why you should move to the cloud. The UK Government’s Department for Digital, Culture, Media & Sport and the National Cyber Security Centre said in a publication that almost half of all UK firms have been hit by a breach or cyber attack in the past year. It’s a sobering thought, and that figure is going to rise as methods of attack evolve.

So, how can you ensure your business is safe as the threat continues to grow?

Microsoft continue to invest over 1 billion dollars a year on cyber security making the likes of Azure and Office 365 some of the safest technologies on this planet. This further reduces the amount of time your business needs to spend thinking about cyber security, allowing more time to focus on business evolution.

4. Technological evolution

Technology is advancing at a rapid rate; if you can’t keep up you will be left behind. By definition, a modern data centre is always at the precipice and bleeding edge of technology, and Azure puts that directly at your fingertips.

So, what are you waiting for? Being innovative is all about embracing change that could propel your business forward. Still not convinced? See how much you could gain:

Source: The total economic impact of Microsoft Azure Infrastructure as a Service, June 2017.

To find out how data centre modernisation can help your business, download our whitepaper, or if you’d like to speak to one of our Azure Experts, complete the form below.


Microsoft Azure is great. We know that, and if you’re reading this then you probably already know it too. However, the challenge many customers have is tracking and planning spend.

You may set out using Azure with a clear cut budget and expected usage but this can change. Data can grow in unexpected ways and additional Azure workloads can easily be added. With many providers, the first time you see how much you’ve spent is when your invoice arrives. However, in this scenario, you have no opportunity to gauge your spend during the month or amend your usage to bring this spend within budget.

This is one of the reasons we’re launching My Azure, a tool available through our customer portal, PROVIDE™ to give a detailed breakdown of Azure spend.

My Azure is all about providing visibility and, therefore, control of your spend during the month.

Optimise Azure

With Cloud Direct’s My Azure dashboard, you can view your Azure spend as it’s consumed. Every single aspect of your Azure usage is broken down to provide clarity about where different costs are coming from, even down to individual virtual machines. This knowledge is particularly valuable as it provides an opportunity to review virtual machine sizes, or even automate a shut down outside of business hours to optimise your Azure.

Forecasting Azure spend

The My Azure dashboard goes one step further – it will even project your total month’s costs based on current usage, helping you see forecasted spend for the month.

Planning spend for development projects

For companies with development teams, controlling and understanding the cost of test environments is important to understanding your business’ total outlay. This can be particularly difficult for testing and development projects, as usage is sporadic. With My Azure, you’re able to quickly and easily drill down into the detail of your Azure estate and costs, giving you further control and information to feed back into the business.

Cloud Direct Azure customers can also access their previous 12 months’ usage information, providing valuable insight into how your Azure spend has changed and helping future planning.

We will be launching My Azure at this year’s Microsoft Future Decoded event so if you’re attending visit us on stand 9 for a demo. If you can’t make the event then please get in touch and one of the team would be happy to show you a demo of the portal.

We took some time to talk to our Business Development Manager, Vickii Cornborough, who recently returned from playing in the Women’s Rugby World Cup, ahead of her Q&A at Future Decoded 2017.

Vickii plays for both England and Harlequins Ladies in the Prop position. She has been playing rugby since the age of five, and her passion for the sport is evident as she juggles both this career and her career at Cloud Direct.

So Vickii, straight from the Women’s Rugby World Cup to Future Decoded 2017. We would love to know how you balance having two very different careers?

It’s not hard to balance the two careers I have, I genuinely love and enjoy both my rugby career and my career with Cloud Direct. Time management and good communication is key – ensuring I set the right expectations with both jobs. It means my bosses know my timetable, so they know what I am doing on a particular day, at a particular time.

There are of course challenges as well. This last year alone I have been to 5 different countries, including a tour to New Zealand. But I am lucky to have a very flexible job here at Cloud Direct. The technology we both use and sell lets me work from any location, at any time. Skype for Business is certainly a life saver!

Coming to Future Decoded 2017 is very exciting as Cloud Direct are launching their brand new Azure and Azure Site Recovery dashboards. It will also give me a chance to network and connect with businesses looking to define their digital strategy.

Which skills overlap between your job at Cloud Direct and your job on the pitch?

My competitive nature definitely comes out both in my role within Cloud Direct and on the rugby pitch. I strive to be the best in whatever I am doing. My drive for constant self-improvement helps day to day for me to get the best outcomes for our clients.

Leadership skills and being able to work well as part of a team on the rugby pitch are a must. I find both of these skills are vital in my role at Cloud Direct as well – where I work with different departments, clients, partners and management.

After a big rugby match, how do you like to recover from the mental and physical strain?

Well, taking time to recover is key to being a professional or elite athlete. I am extremely lucky to have support teams to guide my recovery protocols. After a big game, the Medical team may instruct ice baths, pool sessions or Watt bikes, as part of the recovery process. Getting enough rest time is another important recovery factor – I enjoy my sleep.

Do you have any advice for anyone with a fulltime job, who would like to also pursue a career in sport?

Regardless of which career you are looking to pursue, the best advice I could give, even if it does sound cheesy, is to believe in yourself and you will achieve your goals. With this mindset, you can achieve anything, no matter how hard it is or how long it takes to get there.

If you would like to hear more from Vickii and learn about how your business can benefit from transformational cloud technologies, come visit stand 9 at Future Decoded 2017! If you can’t make it, then please complete our form below.

Future Decoded gets bigger and better every year. If you want to make informed decisions about your journey to the cloud you can’t afford not to be there.

Future Decoded is one of Microsoft’s flagship events. It looks at the cutting edge of what’s coming and helps businesses make the most of what is available now. The event is split into two streams: one covering strategic business planning and one covering deep technical content.

Attending the event is a must for any company that wants to understand and reap the benefits of Microsoft cloud.

And, if that wasn’t enough, we have a heap of exciting things going on at the event. Firstly, we’ll be launching our transformational Azure and Azure Site Recovery (ASR) dashboards.

The Azure dashboard is unique in the market. It provides the information needed to plan and optimise your Azure environment. Features include a detailed breakdown of spend and forecasts of future spend.

Our ASR dashboard is also unique. It allows you to manage your Disaster Recovery as a Service and automate regular testing – giving you confidence your disaster recovery will always work when needed.

We’re hugely excited about the impact these tools will have on a company’s adoption of cloud. That’s why our attendance at Future Decoded 2017 is extra special!

Our theme this year is sport. You can find us on stand 9, along with some excellent giveaways such as rugby tickets and footballs. We’ve got a lot going on so get involved!

Cloud Direct fixtures:

Tuesday 9.45 – Will Rowley, our Microsoft Engagement Manager, is joining a panel of experts to discuss data centre modernisation. He will build on his experience helping customers transform their business and talk through a proven methodology. Session room 17.

Tuesday 13.00 – Vickii Cornborough, England & Harlequins women’s rugby star, and Cloud Direct employee, will be taking part in a Q&A on our stand about her experience at the Women’s Rugby World Cup.

All day – Visit our stand to play virtual reality sports games to ‘test your safe hands’. You also have the chance of winning your choice of sports shirt.

All day – We’ll be demonstrating our new Azure and ASR dashboards all day and our consultants will be on hand to discuss how the tools can help your business.

Wednesday 13.30 – Stuart Hooper, Performance and Development Director at Bath Rugby, will be discussing the role of data in sport. Stuart, who played professional rugby for Bath, Saracens and Leeds, will be talking about how access to data can transform a club’s performance. Orange Theatre.

Wednesday 14.00 – Stuart Hooper will be back on our stand to answer questions after his talk in the Orange Theatre.

There is lots to get involved in and we look forward to seeing you there.

Couldn’t make the event? Don’t worry! Our team are happy to give you a demo of the dashboard. Simply complete the form below and a member of our team will be in touch with you shortly.


If your Disaster Recovery (DR) provider isn’t compliant with the new General Data Protection Regulations (GDPR), it could render you non-compliant, too. This blog lists seven critical areas where your provider must be compliant so you avoid the wrath of the ICO next year.

GDPR breaches, once the new law comes into force on 25th May 2018, could cause considerable damage to businesses and organisations of all sizes. For serious violations, businesses risk fines of up to £15.8 million or four per cent of turnover (whichever is greater). For lesser incidents, they will be subject to a maximum fine of either £7.9 million or two per cent of their organisation’s global turnover (again, whichever is greater).

To put this in context, the £400,000 penalty the Information Commissioner’s Office (ICO) fined Talk Talk would translate into £59 million under GDPR next May. A sobering thought for businesses not yet addressing GDPR.


How is GDPR relevant to disaster recovery?

Businesses must have adequate DR provisions in place to comply with article 32(1) of the GDPR, to make sure their data is well managed, organised and protected. It states:

“Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

(a) The pseudonymisation and encryption of personal data

(b) The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services

(c) The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

(d) A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing”

What does this mean? It means that every company that handles customer data (which is, basically, every company), should have an adequate DR solution that restores both the availability of and access to personal data. And because your DR provider is obtaining, holding and retrieving data, they are a ‘data processor’. If they are non-compliant it could render you non-compliant. So, it’s critical that they are compliant.

GDPR compliance: seven critical questions to ask your DR provider

1. Will my customer data be accessible and available in a timely manner?

Under GDPR, it isn’t enough simply to have data backed up. To be compliant, users need to be able to access it on working systems. Make sure you’re aware of your provider’s SLAs around accessibility and availability, and whether they’re guaranteed. We’d recommend testing that your DR solution meets these SLAs.

2. Is your DR provider ISO 27001:2013 certified?

Many of the ISO 27001:2013 (for information security management) policies are in line with GDPR policies, for example around processes such as security, staff training, auditing and review of policies. If you are ISO 27001:2013 compliant but your DR provider isn’t, your ISO may become void.

3. Where is my data held?

Be wary of transferring data outside the EU or – come Brexit – the UK. Last year, Microsoft opened their first three data centres in the UK, much to the joy of highly regulated UK businesses, medical bodies and the government, for example.

4. Does your DR provider have data breach processes in place?

Under the new regulations, your data processor must report breaches to the ICO within 72 hours.

5. Can subjects access, erase or amend their data in line with regulations?

This requires backup data to be updated regularly in line with your live data, and meet security protocols for if/when the DR system steps in as the live system at a time of disaster.

6. Does your DR provider offer regular testing and evaluation for secure processing?

Your DR provider should be able to clearly demonstrate that they test the availability, integrity and confidentiality of data processing within your DR solution. ISO 27001:2013 will demonstrate most of these.

With Microsoft’s cloud DR solution, Azure Site Recovery, users can access it on-demand, allowing them to test DR much more easily, securely and cost-effectively. Businesses no longer need to suffer downtime by having to shut down primary servers to test their DR. Instead you get immediate access to limitless public cloud capacity, so you can test your DR in an isolated environment whenever you like.

7. Have you clarified in your contract whether your DR provider is a data processor or data controller?

It’s sensible to clarify whether your DR provider is a data processor or data controller in advance, rather than wait until a data breach has occurred. This way, you’ll be clear of who’s responsible for what, avoiding any confusion during a time of crisis.

If you’d like to find out more about how Azure Site Recovery can help prepare your business for GDPR, or for other GDPR/compliance solutions and certification, our GDPR consultants can help. Simply complete the form below and a member of our team will be in touch with you shortly.


Business and IT leaders are asking “How can I be competitive in the digital age?”, “How do I kick-start my business for digital transformation?”

It’s natural to look immediately at technology as your starting point. But that would be jumping the gun. To win this race, you’ve got to start with your people and let the technology follow.

Empowering employees to work how and where they want to will immediately improve communication and collaboration, so your business is in a stronger place for the next stride towards digital transformation. This white paper, “How to prepare your business for digital transformation”, explains what you need to do to keep your people mobile and productive without risking security.

“It’s not the tools you have faith in. Tools are just tools — they work or they don’t work. It’s the people you have faith in or not.” – Steve Jobs

Business strategy and digital transformation

Ambitious organisations today want to drive growth from existing products and services while developing new growth revenues. They want to do this without risk, remaining compliant with industry and data regulations, such as the May 2018 General Data Protection Regulations (GDPR).

In the race for digital transformation, it can be tempting to try to sprint ahead and first start looking at your business in relation to the more complex areas of digital transformation – such as big data analytics, machine learning or the Internet of Things.

But that could trip you up at the starting block. Why? Because digital transformation starts with changing how people work. It’s more a question of business culture. It’s about creating a digital workplace that empowers employees so they can communicate productively and securely across the business – on the device of their choice, wherever they happen to be.

The workplace barriers to digital transformation

Before you start looking at how technology can transform your workplace, you first need to address your business culture and leadership mandate.

“55% of staff believe the biggest barrier to digital transformation is having no perceived need for change.”

“62% of staff feel that not having a leadership mandate is the biggest barrier” – survey conducted by Organic, the marketing agency

Digital transformation starts with the employee experience, which is where company culture is key. A people- rather than IT-centric approach is needed. Not least because the technology aspect is constantly evolving. And technology is only ever as good as the processes implemented around it, just as processes are only as good as the people who execute them.

People’s behaviour is changing. They see there are better ways to organise their personal lives, their culture and their work. It isn’t the actual technology that’s driving change, it’s how technology is allowing people to do things better. To get things done better and faster, and more collaboratively.

Are your business leaders holding back your digital transformation?

An eConsultancy report claims that three-quarters (75%) of businesses think that strategic digital priorities and direction of companies are the responsibility of the senior management.

“The CIO is most likely (60%) to be the driving force behind an organisation’s digital strategy.” – The Cloud Industry Forum.

But could these leaders be the very ones holding back the business? Nearly two thirds (62%) of staff surveyed by Organic believed the greatest barrier to digital transformation is not having a leadership mandate.

It’s crucial that the leadership team introduces and supports agility in the business – and this means driving a digital strategy as the foundation of your business transformation. Leaders should nurture fast, cross-functional, experimental and self-directed teams – across departments, sites and geographies. Employees must be communicating, collaborating and mobile. And, with nearly two thirds (60%) of small-medium organisations going out of business after a cyber-attack, it’s important to address security.

Cloud technology driving employee empowerment

To address these digital transformation fundamentals for small-medium organisations, we worked with Microsoft to develop Microsoft 365 Business. It is one single, easily consumable cloud-based product that allows businesses to establish a productive, mobile and secure working environment that aligns with digital transformation goals. It gives employees the freedom to use their preferred devices without risking the security of business data.

It combines the best of Office 365, Windows 10 and Enterprise Mobility + Security, helping business be more productive, mobile and secure.

1. Microsoft 365 for people productivity

The business can communicate, collaborate and meet seamlessly using applications such as Exchange Online email, Skype for Business conferencing, Yammer for corporate social networking and Microsoft Teams.

2. Microsoft 365 for BYOD and employee mobility

Employees can work productively anywhere, on their favourite devices. They can create, share and edit documents in Word and Excel, with real-time syncing so they’re always working on the latest versions, no matter who’s been working on them.

“With Microsoft 365, we now all enjoy working from our preferred machines and devices – whether we’re in the office or not”. – Sebastian Aililaoie, group digital manager, The Association for Consultancy & Engineering

3. Microsoft 365 for data security

Windows Defender secures the business against malware and ransomware attacks. It has built-in protection for Office mobile apps, device management for Windows 10 PCs and selective wipe of company data should a device be lost or stolen.

It keeps business and personal data separate by preventing users from copying content from Office apps like Word across personal devices. It also forces users to save work documents to OneDrive for Business and encrypt them. It allows for a consistent security configuration profile across all devices. And because Microsoft 365 is an all-in-one product, fragmented IT is no longer a security risk.

To find out more, fill in the form below for your copy of the white paper: “How to prepare your business for digital transformation”.

As the countdown continues to the May 2018 deadline for GDPR compliance, businesses are urgently looking at how IT can support their GDPR goals. The big questions they are asking are: What is my path towards GDPR compliance? How much will GDPR compliance cost my business? Will it hold us back? Find out how Microsoft Office 365 can support GDPR compliance while setting you up for increased productivity and growth.

“Keep your face to the sunshine and you cannot see a shadow.” ~ Helen Keller

GDPR: what you need to think about

It’s understandable to feel a bit overwhelmed with the looming shadow of the General Data Protection Regulations (GDPR) kicking off for serious in May 2018, with all the potential financial and reputational repercussions for non-compliant organisations. But what if this cloud has a silver lining?

Once you’ve grasped (hopefully sooner rather than later) that Brexit is likely to have zero impact on GDPR, you’ll need to consider the implications of GDPR on your business in the following terms:

  • What is your path to GDPR compliance?
  • What investment is required?
  • What do you need to change – particularly in terms of IT and data?

The cloud paradox

While a handful of traditional IT users may remain sceptical about the compliance and security advantages of cloud IT, the ambitious financial and professional services have been investing in it for years. And cloud software and services continue to get better and better as more people are moving more areas of their business to the cloud. Initially, perhaps, to address regulatory requirements for better business continuity, then to improve productivity, and finally to have a more agile business with cloud infrastructure itself.

So, here’s the thing. With Office 365, you can address the first two of those stages when it comes to addressing GDPR compliance and increasing your people productivity.

How Office 365 helps increase productivity

Let’s briefly look at the productivity aspect. Microsoft Office 365 gives you access to your business email, shared calendars, instant messaging, conferencing and file collaboration – wherever you happen to be. And the security aspects that address GDPR issues – more below – mean that your business can embrace BYOD, allowing your people to work on their preferred devices. All of these elements lead to a happier and more productive workforce, who can communicate and collaborate wherever and however works for them. And this is the key part – all without putting your customer and business data at risk from non-compliance fines from the Information Commissioner’s Office (ICO) and the inevitable reputational damage that ensues when word gets out.

How Office 365 helps address GDPR compliance

Office 365 helps you with three key aspects of GDPR compliance. It helps you:

The Data Protection Act 1998 establishes a framework of rights and duties which are designed to safeguard personal data. This framework balances the legitimate needs of organisations to collect and use personal data for business and other purposes against the right of individuals to respect for the privacy of their personal details. The legislation itself is complex and, in places, hard to understand.

However, it is underpinned by a set of eight straightforward, common-sense principles. If you make sure you handle personal data in line with the spirit of those principles, then you will go a long way towards ensuring that you comply with the letter of the law.

Does the Data Protection Act apply to me?

This might seem an obvious question. However, the Act applies to a particular activity – processing personal data – rather than to particular people or organisations. So, if you “process personal data”, then you must comply with the Act and, in particular, you must handle the personal data in accordance with the data protection principles. Broadly, however, if you collect or hold information about an identifiable living individual, or if you use, disclose, retain or destroy that information, you are likely to be processing personal data. The scope of the Data Protection Act is therefore very wide as it applies to just about everything you might do with individuals’ personal details.

Do I need to notify the Information Commissioner?

If you are processing personal data you usually have to notify the Information Commissioner about this. Failure to notify is a criminal offence.

Notification is how an organisation informs us of certain details about its processing of personal data. The Information Commissioner is required to maintain a register and we use these details to make an entry in the register describing the processing.

The main purpose of notification and the public register is transparency and openness. It is a basic principle of data protection that the public should know (or be able to find out) who is processing personal data, plus other details about the processing (such as why it is being carried out).

So notification serves the interests of individuals by helping them understand how organisations process personal data.

However, it is not intended (nor practical) that the register should contain very detailed information about an organisation’s processing. The aim is to keep the content general, with enough detail to give an overall picture of the processing. You only need to give more detail to satisfy specific statutory requirements or if there is particular sensitivity.

The Act provides an exemption from notification for some organisations. The exemption is available for:

  • organisations that process personal data only for:
    • staff administration (including payroll);
    • advertising, marketing and public relations (in connection with their own business activity); and
    • accounts and records;
  • some not-for-profit organisations;
  • organisations that process personal data only for maintaining a public register;
  • organisations that do not process personal information on computer; and
  • individuals who process personal data only for domestic purposes.

Are there any other exemptions from the Act?

The Data Protection Act contains a number of other exemptions from the rights and duties in the Act. You must process personal data in accordance with the Act unless one of these exemptions applies.

The exemptions either allow for the disclosure of information where there would otherwise be a breach of the Act or allow information to be withheld that would otherwise need to be disclosed. They are designed to accommodate special circumstances, for example when processing personal data:

  • in connection with criminal justice, taxation or regulatory activities;
  • that is required to be made public;
  • where disclosure is required by law or is necessary for legal proceedings; or
  • to provide a confidential reference.

It is important to note that each exemption is intended to apply only in very specific circumstances. So just because, for example, you are using personal data in connection with the criminal justice system or for regulatory purposes, you cannot disregard the whole of the Data Protection Act.

Even if you are entitled to an exemption for your processing, this will not be a blanket exclusion of the rights and duties in the Act. You will need to look at the exemption carefully, in the light of your particular circumstances, to see what effect it has.

Do I have to reply to a subject access request?

Yes, unless an exemption applies. One of the main rights which the Act gives to individuals is the right of access to their personal data. An individual may send you a “subject access request” requiring you to tell them whether you are processing their personal data and, if so, to provide them with a copy and with certain other information.

In most cases you must respond to a valid subject access request within 40 calendar days of receiving it. However, you do not have to grant subject access in respect of personal data to which an exemption applies. An exemption might apply because of the special circumstances in which you are processing (see above) or because of the nature of the data. This is sometimes the case, for example, with data relating to an individual’s physical or mental health.

In addition, certain restrictions similar to exemptions are built into the Act’s subject access provisions. For example, there are restrictions on the disclosure of personal data about more than one individual.

Subject Access Request Summary

What should I do if an individual complains about what I am doing with their personal data?

You should carefully consider such a complaint. It is good practice to provide a reasoned response to all complaints and, depending on what the complaint is about, the Data Protection Act may require you to do so. The Act may also require you to stop, or change, what you are doing with an individual’s personal data following a complaint. In particular, you might have to:

  • correct or delete information about an individual which is inaccurate;
  • stop processing their personal data for direct marketing; or
  • stop processing their data completely or in a particular way (depending upon the circumstances).

What does “fair processing” mean?

The first data protection principle requires you to process personal data fairly and lawfully. Ensuring fairness in everything you do with people’s personal details is central to complying with your duties under the Data Protection Act. In practice, it means that you must:

  • have legitimate reasons for collecting and using the personal data;
  • not use the data in ways that have unjustified adverse effects on the individuals concerned;
  • be open and honest about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
  • handle people’s personal data only in ways they would reasonably expect; and
  • make sure you do not do anything unlawful with the data.

Fairness generally requires you to be transparent – clear and open with individuals about how their information will be used. Transparency is always important, but especially so in situations where individuals have a choice about whether they wish to enter into a relationship with you. Assessing whether the information is being processed fairly depends partly on how it is obtained. In particular, if anyone is deceived or misled when the information is obtained, then this is unlikely to be fair.

What is a privacy notice?

One of the requirements of the Act’s fair processing provisions is that certain information is given to the individuals concerned. The oral or written statement that individuals are given when information about them is collected is often called a “privacy notice” or a “fair processing notice”.

In general terms, a privacy notice should state:

  • your identity and, if you are not based in the UK, the identity of your nominated UK representative;
  • the purpose or purposes for which you intend to process the information; and
  • any extra information you need to give individuals (in the circumstances) to enable you to process the information fairly.

When deciding how to draft and communicate a privacy notice, try to put yourself in the position of the people you are collecting information about. Ask yourself:

  • do they already know who is collecting the information and what it will be used for?
  • is there anything they would find deceptive, misleading, unexpected or objectionable?
  • are the consequences of providing the information, or not providing it, clear to them?

Can I use personal data for a new purpose or disclose it to a third party?

It depends. You should explain why you want to use an individual’s personal data at the outset, based on your intentions at the time you collect it. If over time you devise new ways of using that information, perhaps because of changes in technology, you will be able to use their personal data for the new purpose if it is fair to do so.

As you develop the goods and services you offer, you should think about whether your customers are likely to reasonably expect you to use their personal data to offer them these products. If you are unsure about this, you should explain your intentions and, at the very least, give your existing customers an easy way to opt out. If you intend to make a significant change to what you do with personal data, you will usually need to get your customers’ consent.

Individuals should generally be able to choose whether or not their personal data is disclosed to another organisation, unless one of the Act’s specific exemptions applies. If you did not make your intention to disclose information to a third party absolutely clear at the outset, at a time when the individual could choose not to proceed, then you will usually need to get the individual’s consent before making such disclosures.

Can I send personal data overseas?

You may transfer personal data to countries within the European Economic Area on the same basis as you may transfer it within the UK. However, you may only send it to a country or territory outside the European Economic Area if that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to processing personal data.

Must I encrypt all the information I store on computer?

Not necessarily. The Data Protection Act does not require you to encrypt personal data. However, it does require you to have appropriate security measures in place to guard against unauthorised use or disclosure of the personal data you hold, or its accidental loss or destruction. Encryption might be a part of your information security arrangements – for example, in respect of confidential personal data stored on laptops or portable storage devices. On the other hand, you might not need to encrypt data which always remains on your premises, provided you have sufficient other controls on who can access it and for what purpose. Even where you do encrypt personal data, you will probably need to take additional steps to comply with the Act’s information security requirements.

What should I do if I lose personal data?

If, despite the security measures you take to protect the personal data you hold, a breach of security occurs, it is important to deal with the breach effectively. The breach may arise from a theft, a deliberate attack on your systems, the unauthorised use of personal data by a member of staff, accidental loss, or equipment failure. However the breach occurs, you must respond to and manage the incident appropriately. You will need a strategy for dealing with the breach, including:

  • a recovery plan, including damage limitation;
  • assessing the risks associated with the breach;
  • informing the appropriate people and organisations that the breach has occurred; and
  • reviewing your response and updating your information security.

Published with thanks to the Information Commissioner’s Office.