Data Protection Policy small business // IT Management Solutions


Data protection – looking after the information you hold

If you hold and process information about your clients, employees or suppliers, you are legally obliged to protect that information. Under the Data Protection Act, you must:

  • only collect information that you need for a specific purpose;
  • keep it secure;
  • ensure it is relevant and up to date;
  • only hold as much as you need, and only for as long as you need it; and
  • allow the subject of the information to see it on request.

Good information handling makes good business sense and provides a range of benefits. You'll enhance your business's reputation, increase customer and employee confidence and, by ensuring that the information is accurate, save both time and money.

Data protection workshops

Our programme of data protection workshops is for small to medium-sized enterprises from various sectors, ranging from charities to private companies. The events are aimed at staff or managers with limited practical experience of data protection, working for organisations that have responsibility for processing personal data.

Requests for personal information

Your employees and customers have the right to see their personal information by making a subject access request.

Registration with the ICO

If you handle personal information, you may need to notify as a data controller with the Information Commissioner’s Office. Notification is a statutory requirement and every organisation that processes personal information must register with the ICO, unless they are exempt. Failure to notify is a criminal offence.


If you carry out telephone, email or other electronic marketing, then you need to comply with the Privacy and Electronic Communications Regulations.

For further information for small businesses, see our direct marketing checklist (pdf) or see our guidance on direct marketing (pdf).


As an employer, you are obliged to protect your employees’ personal information. For more information, see:

Customer databases

If you buy and sell databases containing customers' personal information then you need to comply with the Data Protection Act.
