Managing assets: Data protection

You must follow rules on data protection if your social business stores or uses personal information. This applies to information kept on staff, customers and users. 

A business must abide by the legal requirements of the Data Protection Act 2018 and the requirements of GDPR. 

Further guidance:

Data Protection 

Data Protection and your Business 

You must register your business with the Information Commissioner’s Office and pay an annual fee. Level of fee will depend on size of the business but is usually between £40 and £60 for smaller ones. You will be issued with a data protection registration certificate. 

Further guidance:

Data Protection Fee: Start Here 

Document your policies with regards to data protection, confidentiality and secure data. 

Put in place processes and procedures to ensure information is held securely and that only relevant and up to date information is retained. Ensure you have consent forms in place where appropriate. 

Further guidance:

Information Commissioner's Office: For Organisations GDPR