Good privay practice involves a lot of factors. The Guardian recommends a 101 practices and the OAIC has a top 10 tips for start-up businesses.
It really comes down to making sure all your data is encrypted and making sure that all the data collected is completely essential to your operations. This will minimise the risk and potential of a hack due to lack of reward.
It is also essential you get rid of all the unessential data on your hard drive. This includes data that you can have a physical copy of, and where there is no need to said data on your device.