It is important to have adequate data protection procedures are in place to protect the data of customers you hold for legal reasons and for the reputation of the company. If a fraudster was able to fool your systems and steal sensitive customer information like credit card details it is going to have a severe impact on the public perception of the company.
The rules for data protection compliance are first off consent. Always ensure you obtain consent before acquiring, using or holding personal data. Next individual rights - Individuals have the right to see any personal information held on them so bear that in mind when recording information and sending e-mails. Sensitive information cannot be held without a strict reason for doing so, that includes race, sexuality, religious beliefs and physical or mental health.
Other key points to remember are to review files regularly so information is only retained when absolutely necessary, securely dispose of information no longer required. When disposing of records shred paper files and delete out of date electronic files.
If you want to use the information in departments in other countries be aware than consent must be sought from the individual first, also ensure you treat information with utmost confidentiality when using third party providers, in that it is kept securely and complies with the data protection act.
Data protection is a huge deal these days. Ensuring you have a solid data protection policy in place will make sure you are only keeping necessary information as well as protecting customers and the business from scams by employing a strong security system. There have been many high profile fraud cases hitting the press; no one wants to be at the center of a scam attack. There are regular fraud and scam prevention seminars taking place that arm you with the most up to date information to keep you one step ahead of the fraudsters.
