Helping you comply with your responsibilities to information rights in your small or medium sized business.
Data protection – looking after the information you hold
If you hold and process information about your clients, employees or suppliers, you are legally obliged to protect that information. Under the Data Protection Act, you must:
- only collect information that you need for a specific purpose;
- keep it secure;
- ensure it is relevant and up to date;
- only hold as much as you need, and only for as long as you need it; and
- allow the subject of the information to see it on request.
Data protection guidance for small businesses
- Getting it right: a brief guide to data protection for small businesses (pdf)
- Getting it right: small business checklist (pdf)
- Personal information online: small business checklist (pdf)
- A practical guide to IT security: ideal for the small business (pdf)
- A practical guide to IT security: ideal for the small business (Welsh language) (pdf)
- Training checklist for small and medium-sized organisations (pdf)
- Outsourcing - a guide for small and medium-sized businesses (pdf)
- Collecting information about your customers: small business checklist (pdf)
If you do telephone, email or other electronic marketing then you need to comply with the Privacy and Electronics Communications Regulations.
For further information for small businesses, see our direct marketing checklist or our guidance on direct marketing.