
Data privacy issues to be aware of

David Norris

ex-Partner @ Forward Partners

Online businesses often handle a lot of personal data. There is a significant amount of legislation around handling personal data, and as a director of your business it's you who's responsible for handling this data correctly.

Key takeaways

  • If you handle personal data you need a privacy policy;
  • Make sure you register with the ICO (failure to do so is a criminal offence);
  • You need to put processes in place to protect people's personal data.

This article is not legal advice. Here we simply highlight some key issues that you need to be aware of.

What the law says

The Data Protection Act controls how personal data is used by organisations. You have to pay attention to it if your company is storing people's personal data.

Personal data (or ‘personal information’) is any information that can be used to identify a specific person. It's "any detail about a living individual that can be used on its own, or with other data, to identify them". Someone's name, for example, is not enough to identify them, as many people share the same name. However, a name stored with that person's address and date of birth creates a data set that can identify an individual. If you aren't sure whether this applies to you, have a closer look at the definition of personal data.

Individuals have rights under law as to what personal data can be held on them, and the ICO (Information Commissioner's Office) is the UK's independent body set up to uphold information rights. Everyone responsible for using data has to follow the ‘data protection principles’.

You must make sure that information is:

  • used fairly and lawfully
  • used for limited, specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the UK without adequate protection

What you need to do

At a very basic level, there are 3 main things you need to do:

  1. Have a privacy policy
  2. Register with the ICO
  3. Protect people's personal data

Privacy policy

If you collect information about people, they need to know who you are and what you’re going to do with their information. To do this, you need a clear privacy policy on your website. Show this on every page (e.g. in the footer) and be sure to link to it clearly whenever you are collecting personal information (e.g. in a shopping cart).

Register with the ICO

Most startups will process personal data in a way that requires them to register with the ICO as a data controller. Failure to register is a criminal offence.

Protect personal data

This is the most important point of all. Protecting personal data is your responsibility and this extends to data that is held physically as well as digitally.

Some examples:

  • your employee contracts contain personal data. They need to be stored securely. If printed, they need to be in a locked cupboard. If stored digitally, they must have restricted access
  • likewise, candidate CVs contain personal data. They must not be left lying around on desks and should be disposed of after use
  • do not share personal information you've collected with a third party without the explicit consent of the individual
  • ensure contracts with 3rd parties state their obligations with regard to handling personal data
  • think carefully about how you manage passwords and access to your core systems. Never share passwords that can access personal information
  • clear hard drives from laptops when disposing of them


David Norris

ex-Partner @ Forward Partners

Scaleup operations expert, ex-COO of HouseTrip, Bookable and IOVOX, previously eCommerce and Website Operations Director at Expedia.
