In the UK, the Data Protection Act UK and the Privacy & Electronic Communications Regulations (PECR) are two main anti spam laws. Take them into account when developing your small business strategy for sales and marketing.
Let’s deal with the Data Protection Act UK. There are two main considerations:
- establishing if you are a Data Controller
- collecting and managing your data in accordance with the Act
Are You a ‘Data Controller’?
An official Data Controller must register with the Information Commissioner’s Office (ICO). How do you know if you need to register?
Well, it’s probably easier to define the circumstances in which you DON’T need to register. If all you record is:
- Employee information
- Customer information for the purposes of marketing your own business
…you probably do NOT need to register. It is, however, strongly recommended that you check the specific position of your own business on the ICO website.
There is an online questionnaire that will help establish if your business falls within the definition of a Data Controller. See the links in the right-hand column.
Registering is quick and easy. The application form is very simple and, if you have less than 250 employees, the fee (at February 2011) is £35 per year.
Data Controller or not, you must comply
with these rules
Whether or not you do have to register, the act requires you to adhere to basic, common sense principles that provide protection for customers in the UK.
When collecting and managing customer information, you should: 
- Identify your company
- Clearly state the purpose of collecting the information
- Provide a right of access and allow the information to be corrected/removed by the subject
- The information should not be put to unreasonable/unrelated or unexpected use
- It must not passed to others without permission
In the right-hand column are links to the ICO’s Guide to Data Protection and a quick ‘How to Comply’ checklist for the Data Protection Act UK.
Do you need a Privacy Notice?
Possibly not. If customers already know who you are, and if you’re not going to do something unexpected or objectionable with their personal information, then you may not need a privacy notice.
The law doesn’t require you to tell people about obvious uses for their information, such as a mail order firm asking for a delivery address.
