Chapter 4

Privacy — Data Protection

Personal Info


Data relating to a living person who can be identified: (a) from those data, or (b) from those data and other information which is in your possession. This does include the personal opinion of the individual.

—Data Protection Act

Whether you conduct business online or offline, you have access to personal information about your customers. Privacy is important to them, but it is becoming more and more difficult to protect in an increasingly digital marketplace.

The Data Protection Act provides rules for how you can collect, use and disclose this information.

The Information Commissioner's Office ("ICO") is the independent authority responsible for investigating privacy complaints, educating stakeholders and upholding privacy principles. The law makes it clear that it's your responsibility as a business owner and collector of data to make sure the information you collect is managed with respect.

Privacy Principles

Principle 1

Personal data must be processed fairly and lawfully.

Principle 2

Information should only be obtained for specified and lawful purposes.

Principles 3 — 5

These are information standards principles describing how much information you can hold and for how long. The information must also be accurate.


Principle 6

Individuals' rights under the Act.

Principle 7

Explains how data must be kept securely.

Principle 8

Guidelines for information sent outside the European Economic Area.

For more information on these principles, click here.

Privacy laws in the U.K. seek to create a balance between your need to collect personal information and an individual's right to maintain their personal privacy. The law can be complex, and is based on eight data protection principles outlined on the next page. You must collect and use the information you need from customers using these principles.

Privacy Policy

Required Information

(i) What information is collected.
(ii) Why it's collected.
(iii) How it's stored and kept safe.
(iv) If the information will be shared.
(v) How you can be contacted.

As an online shop owner, you collect information about your customers to provide them with your products or services. The best way to protect yourself, gain consent and inform your clients is to have a well-designed privacy policy. The link to this document should be visible and accessible on your online store.

Any promises you make in this policy create a contract to which both you and your customer are bound. You need to be conscious of your privacy policy to make sure you comply with the promises you make. Some of the information that needs to be provided is actually controlled by the e-commerce platform you choose (such as storage or security). When deciding on a platform, pay attention to how they integrate their privacy policy, and see what sort of guidance they provide for preparing the clauses for your own policy.

The ICO is an excellent and interactive resource to help you comply with important federal privacy law. In addition to clearly labeled information, there are interactive quizzes that provide tailored assessments and plans for your business. As an online shop owner, you should stay informed and use the resources provided to you by the ICO so that the information you receive is secure and used appropriately.

Privacy Policy Generator

Coming up with your first privacy policy can be challenging, so we've created a handy tool that generates your own custom privacy policy with the click of a button.

Click here to get started.
