How not to get caught out and be IT compliant
Andrew Bricknell covered the basics of software licensing and data protection compliance within the practice arena in his lecture given for the Management Stream at BSAVA Congress.
He started by discussing software licensing, pointing out that keeping within the law in this area is a minefield as the requirements are very confusing. He emphasised that you should always purchase from an authorised software provider and always read the small print when installing it.
Software licenses always have conditions applied to them: they will specify how many copies you may have and what sort of organisation can use the software. It is also important to have the correct license depending upon whether you are using traditional desktop/server applications or cloud or hosted software via the internet.
It is important to buy software from a recognised source as illegal software can expose you to viruses and Trojans as well as prosecution if the original provider discovers that you are using their product illegally.
Consolidate all your software, keep a register and appoint a person responsible. Make your software work for you: have a policy manual for employees, enforce the rules and continually update them.
Andrew then went on to talk about data protection. The Data Protection Act 1998 is the key piece of legislation relating to how your business uses data and applies to personal information that you store in your systems. Any information you gather must be accurate, up-to-date and deleted when no longer needed.
Data must be secure at all times and only accessible to people who have the permission to see it. Individuals must also have permission to pass it on to another source, and staff must not discuss it with people not allowed access to this confidential information.
Clients have the right to see their personal data, but you can charge them £10 and have 40 days in which to provide it. They can also ask for their details to be altered.
A data breach can lead not only to business reputation damage but also to legal action. Therefore, it is important to practise good data protection: identify the data, store it and be able to retrieve it. Put systems, procedures and policies in place to reduce the chance of a data protection breach.
Delegates were then told about the new EU General Data Protection Regulations which will come into force in May 2018. Even with Brexit on the horizon, these regulations will still affect UK businesses and we need to be prepared. Failure to comply could lead to fines of up to four per cent of a business's global turnover.
The regulations dictate the type and the processing of personal information that a business can hold, and they will affect every member of staff, all of whom will have a responsibility for ensuring personal data protection within the business.
This is a very complex field and Andrew advised the audience to seek advice from their software providers so that they could ensure that they are fully compliant within the next 15 months.