Why is data protection so important?

Blogs 5 Oct 2019

FSB explains how data protection is important to a business, the penalties for failure and the help available to businesses.

Any information that your business stores digitally needs to be properly protected. From financial information and payment details to contact information for your staff, data usage in the UK is protected by law.

We explain why data protection is not just a legal necessity, but crucial to protecting and maintaining your business.

What data needs to be protected?

Key pieces of information that are commonly stored by businesses, be that employee records, customer details, loyalty schemes, transactions, or data collection, need to be protected. This is to prevent that data from being misused by third parties for fraud, such as phishing scams and identity theft.

Common data that your business might store includes:

  • Names
  • Addresses
  • Emails
  • Telephone numbers
  • Bank and credit card details
  • Health information

This data contains sensitive information that could relate to your: current staff and their partners or next of kin; shareholders, business partners and clients; customers and other members of the public.

Protecting all this information, in accordance with the Data Protection Act, requires businesses to adhere to specific principles.

Does your business or organisation receive personal data from the EU/EEA?  

You may receive a personal data transfer from an EEA partner. If so, there are steps you need to take now to comply with new data security rules.


The Data Protection Act contains a set of principles that organisations, government and businesses have to adhere to in order to keep someone’s data accurate, safe, secure and lawful.

These principles ensure data is:

  • Only used in specifically stated ways
  • Not stored for longer than necessary
  • Used only in relevant ways
  • Kept safe and secure
  • Used only within the confines of the law
  • Not transferred out of the European Economic Area
  • Stored following people’s data protection rights

This comes into practice in business particularly when you recruit staff, amend staff records, market your products or services, or use CCTV.

The Children's Code

The Age Appropriate Design Code, or Children’s Code, is a new data protection code of practice for online services likely to be accessed by children, such as apps, online games and social media sites.

It translates the GDPR requirements into design standards for online services to help you understand what is expected of your business. You’ll need to consider things like how much personal data you need, if you should be sharing the data and how it might impact a child’s privacy.

The ICO offers complete guidance and support to help you to achieve compliance by 2 September 2021.


The principles set out in The Data Protection Act help businesses ensure the details of their staff, clients and customers are properly protected.

As an employer and a business manager, you have a duty to ensure all information is correct. You should also confirm it is correct with the party in question (with staff when you create their employee record, or with customers if they sign up to a loyalty scheme, for example).

Following proper data protection procedures is also crucial to help prevent cybercrime by ensuring that details, specifically banking, address and contact information, are protected against fraud, for instance your clients' or customers' bank accounts being hacked into.

A breach in your data protection can be costly, and affected customers and staff can, in some cases, pursue compensation against your business. You can also leave yourself open to punishments for failing to comply with data protection.


The Data Protection Act is a key law within the UK. Failure to comply can have serious consequences. Violating data protection law can see you and your business prosecuted, resulting in harsh punishments. These can include fines of anything up to £500,000 or action being taken that could result in a prison sentence.

Ensuring you adhere to data protection policies is crucial as the effects of non-compliance can be devastating for you and your business.

You can read more on data protection and find downloadable resources on our #FSBeDataReady campaign hub.

How can FSB help?

Data protection is a key legal matter that can be difficult to navigate. FSB members benefit from a legal protection scheme that provides access to a number of services, including:

  • Legal costs insurance, covering a range of areas, including Data Protection Prosecution
  • 24-hour Legal Advice helpline
  • Online Legal Information Hub, providing a comprehensive range of support materials

To find out more about data protection or the other areas where our legal protection scheme can benefit your business, get in touch with a member of our team, or visit our FSB Legal Protection Scheme page.

