Your customers and employees need to be able to trust you with their personal information or, as the law calls it, their personal data.

Data protection law 

The law on data protection says what you should do when you collect, use, store or do anything else with people’s personal data. So you need to check whether data protection law applies to your business. You can do this by taking the self-assessment below.

Why is data protection important? 

Your customers, employees and other individuals need to be able to trust you to look after and use their personal data properly and safely. Knowing they can trust you is good for your business.

Complying with the rules is also legally required.

Does the law apply to my business?

Take the self assessment to find out

Why can’t the ICO just tell me exactly what I need to do?

That would be good but there are millions of small businesses in the UK, in many different sectors. They collect different types of personal data from a wide variety of customers, staff and other individuals for many different reasons in many different ways. So it’s impossible for the ICO to produce a to-do list that would be right for every small business. 

But you know your business better than anyone else. So, by making use of our resources and advice, you should be able to work out how to comply with the new law.

If your sector has a professional association or trade body you should look at what information they’re producing about the new law.

How can I comply with the law?

The ICO has a range of resources and support you can use to make sure you are complying with the law.

The below self assessment checklist has been created with small business owners and sole traders in mind. It will help you improve your understanding of data protection and find out what you need to do to make sure you are keeping people’s personal data secure. Once you have completed the checklist a short report will be created suggesting some practical actions you can take and providing links to additional guidance you could read that will help you improve your data protection knowledge and compliance.


We also have:

FAQs for small businesses