Debitoor Dictionary

Accounting terms explained simply

Over 300 Articles for Founders and Entrepreneurs

  1. Companies Act 2006
  2. GDPR

Data Protection Act – What is the Data Protection Act?

The Data Protection Act (1998) is a UK law that governs the processing and handling of personal information.

Keep your financial data safe and secure with Debitoor. Try Debitoor online invoicing software free for 7 days.

The main purpose of the Data Protection Act is to protect individuals from having their personal details misused or mishandled. The Data Protection Act does this in two ways:

  • By establishing rights for individuals;
  • By creating responsibilities for businesses, organisations, and the government and setting guidelines for the way they handle and store ‘personal data’.

‘Personal data’ refers to information that identifies or is ‘obviously about’ about a specific individual; the Data Protection Act does not cover anonymous or aggregated data.

The eight principles of the Data Protection Act

The Data Protection Act establishes eight core principles for the handling of personal data. These principles ensure that personal data is:

  1. Processed fairly and lawfully
  2. Processed only for specified, lawful, and compatible purposes
  3. Adequate, relevant, and not excessive for the intended purposes
  4. Accurate and up-to-date – individuals have the right to have inaccurate personal data corrected or destroyed
  5. Kept for no longer than necessary
  6. Processed in line with the rights of the individuals
  7. Secured against accidental loss, destruction, or damage against unauthorised or unlawful processing
  8. Not transferred outside the European Economic Area (EEA) unless there is adequate protection.

Data Protection Act and your small business

Virtually all small businesses and start-ups hold personal details of staff, customers, and suppliers – such as names, phone numbers, and bank details. Any data that is stored on a computer or within a physical filing system must comply with the Data Protection Act, and as an entrepreneur, freelancer, or small business owner, it’s your responsibility to make sure that you stick to the rules.

As a small business owner, you should handle data in accordance with the Data Protection Act's eight principles. Although this might seem like a lot of work, compliance is essential if you want to avoid hefty fines. The eight principles also tend to overlap with good practice when it comes to the management and handling of personal information, such as keeping personal details up to date.

The Information Commissioner’s Office (ICO) has a useful webinar on data protection for small and medium-sized enterprises.

Data Protection Act and Debitoor

Debitoor invoicing software strictly adheres to the principles of the Data Protection Act and the GDPR – both regarding the data of our users, as well as the data stored in their accounts. Find out more about security as a Debitoor user.