Managing assets: Data protection
You must follow rules on data protection if your social business stores or uses personal information. This applies to information kept on staff, customers and users.
A business must abide by the legal requirements of the Data Protection Act 2018 and the requirements of GDPR.
You must register your business with the Information Commissioner’s Office and pay an annual fee. The level of the fee depends on the size of the business but is usually between £40 and £60 for smaller ones. You will be issued with a data protection registration certificate.
Document your policies with regard to data protection, confidentiality and secure data.
Put in place processes and procedures to ensure information is held securely and that only relevant and up-to-date information is retained. Ensure you have consent forms in place where appropriate.