The ICO exists to empower you through information.

These tips have been written to help sole traders, one-person bands and people who work for themselves understand and comply with their data protection obligations. 

The freedom of being your own boss can be hugely rewarding, but there are also a lot of responsibilities that rest squarely on your shoulders.

In the same way that having a great accountant or carefully following health and safety regulations makes good business sense, complying with data protection law does, too. It shows that you care about people’s data and that you know how to run your business properly and legally.

We’re here to help you understand what you need to do to avoid the most common data protection mistakes. Here are our top three tips for sole traders and people who work for themselves. 

Tip one: Know what data you have

Even if you don’t think you use or keep a lot of data, you still need to know what personal data you have, so make a quick list of it if you haven’t already.

You’ll probably have personal data saved on your smartphone, tablet or computer. This could be people’s names and contact details, email addresses or notes you’ve made about your customers that identify them personally.

You may not think you’ve got a lot of personal data at first, but once you start considering it and noticing all the places where it’s saved, it can quickly mount up.

Tip two: Tell people what you do with it

You need to let people know what you're doing with their data. The easiest way to do this is to have a privacy notice available, either in a hard copy or on your website (if you have one).

People have a right to know what you’re doing with their personal data.

If you’ve not created a privacy notice already, use our privacy notice generator to make one today.

Many small business owners use third-party suppliers to provide them with a ready-made privacy notice. If you choose this route over making your own, be aware that you still need to know what it says. Your privacy notice sets out your commitment to the customers and clients who are trusting you with their personal data.

Tip three: Keep it safe

You have to protect people’s data from getting lost or falling into the wrong hands.

Data security doesn’t have to cost the earth, but any business that wants to be trusted has to get it right.

Simple security measures could include:

  • storing paperwork in a locked cabinet or container;
  • making sure your door and window locks are working and used;
  • never leaving anything unattended in a vehicle;
  • putting strong passwords on all of your devices;
  • keeping your system’s anti-virus software up to date;
  • separating your business email account from your personal email account, rather than using the same one; and
  • being extra vigilant when sending or receiving emails – to help prevent sophisticated phishing attempts and scams.

If you use, store or share lots of data, or particularly sensitive personal data like health or political information, then you need to take some extra steps to keep it safe. At the most basic level, you could think about using a cloud service for electronic data or making secure back-ups so that everything isn’t lost if there’s a fire, flood or break-in.

The ICO works with the National Cyber Security Centre (NCSC) to help organisations protect personal data against cyber threats. Read their guide on actions to take when the cyber threat is heightened. They also publish a small business guide with five quick and easy steps to take to help save time, money and even your business’s reputation.