Do you have someone in your business who takes the lead for the security of your personal data? - Yes
Having someone to take the lead on your business’ information security should give you confidence that you’re taking good care of the personal data your staff and customers trust you with.
You should support them in their role by regularly reviewing and, where necessary, improving the support and resources available to them.
Have a plan in place for when this person is unavailable, as some issues can't wait.
If they move on, you need to choose someone to replace them. Train the new person and tell everyone in your business who they are and how to contact them.
Relevant staff should meet with the lead person regularly to review your security measures and discuss any problems they identify.
Where necessary, you should take action to reduce the risk of poor information security, for example by giving extra training to staff.