Data Protection Act UK

In the UK, the Data Protection Act UK and the Privacy & Electronic Communications Regulations (PECR) are two main anti spam laws. Take them into account when developing your small business strategy for sales and marketing.

Let’s deal with the Data Protection Act UK. There are two main considerations:

  • establishing if you are a Data Controller

  • collecting and managing your data in accordance with the Act

data protection act uk

Are You a 'Data Controller'?

An official Data Controller must register with the Information Commissioner's Office (ICO). How do you know if you need to register?

Well, it's probably easier to define the circumstances in which you DON'T need to register. If all you record is:
  • Employee information

  • Customer information for the purposes of marketing your own business probably do NOT need to register. It is, however, strongly recommended that you check the specific position of your own business on the ICO website.

There is an online questionnaire that will help establish if your business falls within the definition of a Data Controller. See the links in the right-hand column.

Registering is quick and easy. The application form is very simple and, if you have less than 250 employees, the fee (at February 2011) is £35 per year.

Data Controller or not, you must comply
with these rules

Whether or not you do have to register, the act requires you to adhere to basic, common sense principles that provide protection for customers in the UK.

When collecting and managing customer information, you should:

data protection act uk

  • Identify your company

  • Clearly state the purpose of collecting the information

  • Provide a right of access and allow the information to be corrected/removed by the subject

  • The information should not be put to unreasonable/unrelated or unexpected use

  • It must not passed to others without permission

In the right-hand column are links to the ICO's Guide to Data Protection and a quick 'How to Comply' checklist for the Data Protection Act UK.

Do you need a Privacy Notice?

Possibly not. If customers already know who you are, and if you’re not going to do something unexpected or objectionable with their personal information, then you may not need a privacy notice.

The law doesn’t require you to tell people about obvious uses for their information, such as a mail order firm asking for a delivery address.

Best to check, though. See the links on the right for more information.

direct marketing consulting
Not only does the act provide protection for customers, it's also a good practical framework for businesses. Customers are significantly more willing to give you their contact details if you give open and honest reassurances about how their data will be used.

There’s lots more about database marketing at these pages...

To leave data protection act uk and find out how to develop your own database marketing strategy, visit our homepage >>

Looking for something specific?
Search this site here:

Please note...
The content of this page on the Data Protection Act is for guidance only, and does not constitute legal advice. See our legal disclaimer for more information.

The act provides protection for customers in the UK, and relates only to businesses operating in the UK.

More Info Here...

anti spam laws 03

In the UK, both the PECR and the Data Protection Act are the responsibility of the Information Commissioner's Office.

To visit the ICO homepage and find out more about anti spam laws click here

To complete the online questionnaire and establish if you are a Data Controller click here

To download the ICO's Guide to Data Protection (PDF) click here

To download a useful ICO checklist on how to comply (PDF) click here

To go to the ICO webpages specifically about Privacy Notices click here