Five steps to secure data

By Phil Brining

Data protection has been in the spotlight for the last few years as more and more cases of theft and security breaches occur. A recent study by Symantec found that consumers in the UK lack confidence in data protection, and believe that both businesses and the Government fail to do enough to protect them. One third of the people they polled even reported that they had intentionally used the wrong details because they feared using the right ones. The most important figure is that 89% of them said that security is a driver for what sites they chose to shop on.

Businesses can take five relatively simple steps to improve their data protection and ensure they give consumers confidence and the right experience.

The first step is to actually understand where data is stored. Some businesses use a range of different mediums to store information but the more of these you have the more risks you face. You’ll need a specific plan for each type of storage you use. Keeping this number to a minimum will help to reduce the potential for issues.

Next you should put a need to know policy in place. By limiting access you cut down on the number of people that are involved and the potential for errors. Access should be limited to people you trust and you should have systems in place to log who accesses what and from where.

The security of your network is very important, particularly when you consider that malware is changing daily and thieves are getting more and more sophisticated. You’ll certainly have a firewall and other protection in place but you need to make sure they are up to date and performing properly. The security coverage should also extend to mobile devices if you allow people to connect to your network with them.

A data management plan is essential and will help you to keep on top of records. You’ll need to have an idea of which details you must protect and how long you want to save them for. You should look at the vulnerabilities of your system and make sure these are the areas that you invest in protection. As well as electronic records consider paper ones and handle them securely. You must also account for the safe disposal of information.

The final thing to do is perhaps the most important; you need to educate everybody to make sure they understand the risks and their obligations. You can build a security culture where everybody takes steps to protect data and keep it secure. You also need to ensure you account for periodic upgrades and training so you stay up to date. Contact our expert team if you are in need of any assistance with your data strategy. We have the knowledge and experience you need to provide complete information assurance.

Contact Us

Send us a Message

Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here

We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here

Data Protection People Limited – March 2021