Dog with Not Guilty sign around his neckAs a small business, it is easy to think that the Data Protection Act (DPA) does not apply to you – somehow you are exempt – however, the DPA applies to businesses from the largest to the smallest. Failure to comply can result in possible prosecution and hefty fines.

Customer data is a powerful marketing tool but it must be carefully managed and looked after, in order to use it effectively and also protect your customers’ privacy. For many organisations, the intricacies of the Act can be confusing.

The Information Commissioner’s Office (ICO) provide some key principles to adhere to:

* Process data fairly and securely
Failure to adequately protect personal data can result in personal or sensitive information being revealed illegally. Even name and address data can be powerful if it gets into the wrong hands. If you hold beyond basic name and address data and especially if you record any financial or child identity related data, you must register with the ICO, to comply with the DPA.

* Data must be accurate and up-to-date
To comply with the DPA, organisations must “ensure systems are in place to keep records containing personal information accurate and current”. If a customer contacts you to ask for their details to be removed from your database, the necessary steps need to be taken to ensure they do not receive any further marketing communications. You cannot send them those special offers because you know they would really like to hear about them (in your opinion!).

* Retain data only for as long as is necessary…
..in relation to the purpose for which it was initially collected. And if you intend to share marketing lists with third parties (other companies or business partners), you should be open about this from the outset. Best practice is to have layered opt-ins – one for your marketing communications and a secondary one for third parties.

* The right to opt out
Under the DPA, individuals have the right to opt out of providing information for marketing purposes. You must comply with any such requests. Be open and clear with them when gathering their personal information for marketing purposes, clearly explaining what you intend to do with it.

If you need more information on the DPA, the ICO has produced a helpful guide aimed at small businesses:
Getting it right – A brief guide to data protection for small business“. You can also find out more at the ICO website.