Legal Compliance for Businesses

Although there are laws in place to protect businesses, there are also laws, such as the Data Protection Act 1998, with which businesses must comply in order to operate legally.

Data Protection Act 1998

The Data Protection Act 1998 is perhaps the most important Act for businesses to consider when it comes to compliance.

The Data Protection Act 1998 is overseen and regulated by the Information Commissioner’s Office. The Act covers important rules on the storage, processing and distribution of electronic data. The Act has 8 core principles and they have been paraphrased below:

  • Personal data shall be processed fairly and lawfully.
  • Personal data shall only be obtained for a specified, lawful purpose.
  • Personal data will be adequate, relevant and not excessive.
  • Personal data will be accurate and kept up to date.
  • Personal data shall not be kept for any longer than necessary.
  • Personal data will be processed in accordance with the rights of the data subject.
  • Appropriate measures will be taken against unauthorised processing, loss or damage to data.
  • Data will not be transferred outside of the European Economic Area unless the rights of the data subject can be upheld.
More information on Data Protection can be found at
Failure to comply with the regulations can result in a variety of penalties, so it is a good idea to ask questions if you are unsure of your responsibilities.

Information Commissioner’s Office

As mentioned above, the Information Commissioner’s Office is responsible for the Data Protection Act. It also holds the register of businesses that process personal information and deals with concerns relating to the Act. If your business deals with personal information, it must register with the ICO; registration is also obligatory for the use of CCTV.

The sector(s) in which your business operates will affect the number of regulations it must comply with; for example, the financial sector is regulated by the Financial Conduct Authority (FCA). Please research the relevant regulators to ensure you are following their guidelines or legal obligations.