Comply with the law in the provision of goods, facilities and services

Customers and data protection

All businesses that hold the details of customers, potential customers, suppliers, staff or any other business contacts are required to comply with the Data Protection Act. The Act applies to any records held electronically - for example on computer - or manually such as in a paper file.

You may be required to register with the Information Commissioner. Use our interactive tool to find out whether you need to notify the Information Commissioner about the data your business holds.

You can register with the Information Commissioner on the Information Commissioner's Office (ICO) website or by calling the ICO Helpline on Tel 0303 123 1113.

The Data Protection Act requires businesses to comply with a number of principles. These include:

  • information must only be used for specified and lawful purposes
  • businesses should only hold on to information they actually need
  • information that is no longer required should be deleted or destroyed as soon as possible
  • the information must be accurate and up to date
  • the information must be held securely
  • businesses must observe the subject's rights

You can read information on the principles of the Data Protection Act on the ICO website.

For further information on the implications of the Data Protection Act, read our guide on privacy and data protection in marketing.

Subjects covered in this guide

ICO Helpline

0303 123 1113


Also on this site

Developed with:
Office of Fair Trading
Trading Standards