Whatever the size or nature of your business, you will need to be fully aware of the requirements of data protection legislation if, as is likely in any business, you “process” (i.e. receive, collect, hold, disclose, delete, or process in any other way) any “personal data”. Even a one-time purchase online may entail processing of personal data. The personal data you process may be data of actual or potential customers, suppliers, contractors, or employees (or, if you are a not-for-profit organisation, donors or supporters).
You will need to register your business with the Information Commissioner’s Office (ICO) and deal with all such data in accordance with the law. Consider what practical security measures you need to take in relation to personal data which you hold, adopt a formal data protection policy, and make sure that all staff have adequate data protection training. The ICO’s website contains guidance on what is required, and you should familiarise yourself with the relevant legal requirements before you begin trading. Data protection law was updated and extended in May 2018 by the General Data Protection Regulation. We strongly recommend that you familiarise yourself with data protection law to ensure that you comply.