Data protection cannot be ignored for your business - Here's why | Checkatrade
Review a Trade

Have you completed a project recently? Let your tradesperson know how they did.

Advice Centre

Get Inspired! Check the latest industry expertise and read insider tips from our vetted tradespeople.

Search For A Trade

We interview and vet all our tradespeople to ensure they meet our high standards.

Join Checkatrade

Join us and benefit from the millions of potential customers who use Checkatrade to find reliable tradespeople.

Advice Centre

Grow your business! Check out top tips and expert advice for boosting your reputation online.

Login To Your Account

Edit your profile, view callback requests and ask for feedback from customers.

Data protection cannot be ignored for your business – Here’s why

Don't be nervous about GDPR. By acting on it, you can keep your customer's and business’s data safe. Make sure you're not stung by a hefty fine with our free GDPR checklist!

GDPR applies to any organisation, big or small. You not only need to be aware of it, but you’ve got to take action on it.

Your responsibilities as a small business or sole trader

For you as a tradesperson, we know your blood, sweat, and possibly a few tears, have gone into building your business from the ground up.

The last thing you want is for a data protection breach to compromise the reputation you’ve worked so hard to build in your area.

With customer and employee data on file, it’s easier than you might think for someone to get access to information that they shouldn’t.

The typical examples of a data breach include:

  • Sending an email to the wrong person
  • Sending an invoice to the wrong customer or address
  • A company laptop being stolen
  • A cyber scam (fraudsters getting hold of your private information)

What are the UK data protection laws?

The UK has several laws that require businesses to process personal data in a responsible and safe way:

  • UK GDPR (the most widely known law)
  • Data Protection Act 2018 (this gives more specific exemptions)
  • Privacy and Electronic Communications Regulations (PECR) 2003 (this sets out the rules for electronic marketing)

Failure to comply with these laws could result in a hefty fine and a serious dent in your company’s reputation.

So as a small business owner or sole trader, how can you make sure you protect the data in your company’s hands and stay on the right side of the law?

GDPR compliance folder

GDPR overview

GDPR stands for General Data Protection Regulation and is the toughest privacy and security law in the world. It came into force in 2018 to help protect the vast personal data collected by organisations.

Whatever the size of your trades business, you are subject to GDPR law. If your business processes personal data (e.g. names, email addresses, and contact information of customers and/or employees) you need to register with the Information Commissioner’s Office (ICO).

You will also need to pay an annual fee. These range from £40 to £2,900, but for most organisations, it will be £40 or £60 per year. Failure to pay the fee can result in a fine of up to £4,350.

Tip: Pay your fee by direct debit and you’ll receive an automatic discount of £5. There is no VAT charged on these fees.

It’s more straightforward to do than you might think – you can register with the ICO and pay your data protection fee now.

GDPR storing customer data

GDPR for your small business

Once you’ve registered with the ICO and paid the annual fee, you need to tell customers and any employees how you will process their data.

Data protection notice for small business

UK law requires “data controllers” to tell people how their data is being used.

A data controller is the organisation processing the personal data we mentioned earlier, i.e. peoples’ names, email addresses, and contact information etc.

The best way to do this is to create a Privacy Notice that outlines the way you handle the data in your small business. That is how the information is collected and used. It also informs people how to contact you or the ICO.

  • Make sure you have your Privacy Notice on your website or available when you first contact a new customer.
  • Share your Privacy Notice with all existing staff, and any new starters when they join.

To help with your small business data processing, the ICO has created an easy-to-use template, from which you can make your own Privacy Notice.

Create your own Privacy Notice now


Cookies are small text files that are downloaded onto computers or smartphones when a user accesses a website.

If you track visitors to your company website using cookies, or have links to your social media accounts or other websites, you need to make this clear. You need to tell website visitors that you use cookies and give them the opportunity to give permission to load the cookies.

Don’t worry, most platforms such as WordPress have plug-ins that can be loaded to your website for free to create a Cookie Banner to tick this box. You’ve probably experienced Cookie Banners yourself when using the internet. It’s the message that pops up on a website when you visit for the first time to ask for permission to load cookies.

Read about Cookie requirements here

Don’t get stung – download our GDPR checklist

GDPR checklist for businesses


Whether you’re looking for information on data protection as a sole trader or a small business, the same rules apply.

Download our data protection checklist and be a GDPR compliant business that homeowners can trust. If you’re a Checkatrade member, download it for free in the community – no need to fill in the form below.

The GDPR checklist will guide you on:

  • How to register with the ICO and what annual fees there are to pay.
  • Creating a company Privacy Notice for customers and employees.
  • Creating a Cookie Banner on your website.
  • Individual Rights – what to do should a customer or employee ask for copies of their personal data or for their data to be deleted.
  • How to protect Special Category Data, particularly important if you employ staff.
  • Your obligations should a Data Breach occur.
  • The rules around electronic marketing, such as email, text messages or calls for marketing purposes.
  • How to keep personal data safe.
  • How to stay compliant when data sharing or entering into an agreement with contractors or temporary staff.
  • How to train your employees on their responsibilities for the personal data in their care.

GDPR storing employee data

While this may seem overwhelming, it is a legal requirement, and you could land yourself in hot water if you don’t meet the steps.

That’s why we’ve put together a helpful download that contains advice/what you need to do in order to make sure you’ve ticked the data protection box for you, your business, and your customers.

The good news is, you can also use your compliance with data protection legislation as a competitive advantage for your business. The ICO register is a public document that anyone can access to see which organisations are registered.

Being on the ICO register gives customers, contractors, and employees reassurance that your trades business is responsible and trustworthy. It could even be a deal-breaker for large organisations looking to subcontract work to your small business, or enlist your business as a supplier.

Common questions answered

What are the rules on electronic mail marketing (email type communications)?

The rules on electronic mail marketing are explained in detail on the website.

In essence, you must be sure that when you send any electronic mail (email) to your customers, you have specifically asked for consent to do so. If you have an existing customer and you want to send marketing information to them, you must have previously offered an opt-out on the initial collection of their electronic contact details. Check you always include an unsubscribe option in your mailing every time you send them an electronic mail.

As a tradesperson with a growing email database, do not be tempted to send a blanket email to all your previous customers unless you have checked you have their explicit consent to do so. If you encourage your customers to forward on or share your marketing, you must still comply with the rules outlined in PECR ( Privacy and Electronic Communications Regulations)

How does GDPR affect small business?

GDPR makes sure that small businesses process the personal data they hold in a responsible and safe way. This personal data can relate to both customers and employees, and covers elements such as peoples’ names, email addresses and contact information.

How to comply with GDPR as a small business

To comply with GDPR as a small business, you will need to make sure your business is compliant with data protection law, as outlined in the post above. You can also assess your level of compliance on the ICO website.

Tell us what you think

Please leave your comment

Your email address will not be published. Required fields are marked *

What others think of this article:

No comments yet!

More content like this

What’s the average gutter installer salary?

Hoping to get into gutter installation? A gutter installation pro planning to go self-employed? Run ...

Read more
How much do bricklayers earn?

Average salary for UK bricklayers Qualified and experienced bricklayers can expect to earn an excell...

Read more
How much do house cleaners earn?

Average salary for UK house cleaners House cleaners are always needed in homes across the UK. Whethe...

Read more