{"id":1760,"date":"2022-01-16T21:55:03","date_gmt":"2022-01-16T21:55:03","guid":{"rendered":"https:\/\/uk.legalvision.com.au\/?p=1760"},"modified":"2026-03-06T14:29:20","modified_gmt":"2026-03-06T14:29:20","slug":"privacy-obligations","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/","title":{"rendered":"Privacy Laws in the UK: What are Your Obligations as a Business?"},"content":{"rendered":"\n<p><span style=\"font-weight: 400\">The <a href=\"https:\/\/gdpr.eu\/\">General Data Protection Regulations (GDPR)<\/a> imposed new data privacy obligations on businesses in England and Wales. These included the obligation for businesses to store and safeguard their customers\u2019 personal information. Your business can face big fines if you do not comply with the new legislation. For that reason, it is wise to know and understand your businesses data privacy obligations. This article will detail the different obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What is GDPR Compliance?&nbsp;<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The GDPR applies to any person residing in the European Union. The regulations ensure that businesses safely collect, process and store personal information in their daily functions.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Many businesses now need to collect sensitive data from their customers to operate. For example, online retailers collect consumer information to facilitate deliveries of goods, run marketing campaigns and operate general business practices.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Storing and using that data is known as data processing. Importantly, your business\u2019 obligations may vary depending on how your business uses its customers\u2019 information. So, to <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\">understand your obligations under GDPR<\/a>, you must establish whether you are a data controller or a data processor.\u00a0<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Are You a Data Processor or Data Controller?&nbsp;<\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What is a Data Controller?<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">In short, data controllers are the primary decision-makers when managing and storing personal data. They decide what information is collected and the purposes for collecting that information. Data controllers typically have a relationship or contract with the person whose data is being collected, also known as the \u2018data subject\u2019, and will appoint a processor to collect their data on their behalf.\u00a0<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Controllers take on more GDPR responsibilities than processors. This is because controllers seek to collect data for their business functions. They are also responsible for the compliance of their data processors. Data controllers must register with the Information Commissioner\u2019s Office (ICO) and pay a data protection fee.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What is a Data Processor?&nbsp;<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">Data processors collect, handle, and <a href=\"https:\/\/legalvision.co.uk\/regulatory-compliance\/sensitive-data-information\/\">store their customers\u2019 personal information<\/a>. Typically a processor will follow the instructions from a data controller on how and where to collect personal data from. Unlike data controllers, data processors do not decide what data should be collected and how the data is used. Furthermore, they do not decide on how long to retain the data for.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Processors do not have the same privacy obligations as controllers under GDPR as data controllers. Still, they must ensure that they correctly follow the controller\u2019s instructions, prevent breaches and maintain security, and notify controllers of potential breaches.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Here are several obligations your business must adhere to if you are a data controller or processor.&nbsp;<\/span><\/p>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/1760#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Instagram<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1760' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='hagO803UsiGB4+7a+ppRrQ24IktSo2STOc8Sh1IcZUEpb6dCMuSaPxKZwdvb0Ju0esqazPcfzGCGtt4IF03+S70nrGylfdzmhDxEuXsHL3NTFb0=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">GDPR Privacy Obligations Imposed on Businesses<\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Process Data Fairly and Lawfully<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">This obligation applies to both controllers and processors and requires that you use data lawfully and obtain it fairly.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If your business is a data controller, you must acquire data in a way that does not convene data security regulations. You must also use that data appropriately in the functioning of your business. It is your responsibility to ensure that your data processors are compliant with this principle.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Collect Adequate Information For Specified and Legitimate Purposes&nbsp;<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">If your business is a data controller, you must only collect a reasonable amount of specified data from your customers. You must also have a purpose for doing so that is both lawful and has good reasoning. Otherwise, you can receive a fine if you are collecting unnecessarily large amounts of data that have no bearing on your business practices. Additionally, you must not hold the data you collect longer than necessary.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Accountability and Transparency<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">Both data processors and data controllers must be held accountable for how they use personal data. That requires them to keep a history of how they store and process personal information and be transparent on how and why they collect and process personal information.&nbsp;<\/span><\/p>\n\n\n\n    <div class=\"my-7 lg:my-10 border-y-2 border-gray-100 py-7 lg:py-10 flex flex-col sm:flex-row items-start gap-10\">\n                    <img decoding=\"async\" class=\"w-52 mx-auto my-0! rounded\" src=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2024\/09\/30065809\/LV-UK-Personal-Data-Breach-Notification-Factsheet.png\" alt=\"Front page of publication\"\n                 loading=\"lazy\" width=\"208\" height=\"298\">\n                <section>\n            <div class=\"text-2xl font-bold\">Personal Data Breach Notification Factsheet<\/div>\n            <div class=\"body-text\">\n                <p>This factsheet outlines the steps for notifying the ICO and affected individuals about personal data breaches.<\/p>\n            <\/div>\n            \n\n<a href=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2024\/09\/30065528\/LegalVision_UK-Personal-Data-Breach-Notification-Factsheet.pdf\" class=\" block px-5 py-3.5 max-w-fit bg-orange button__hover transition rounded text-white font-bold text-lg no-underline uppercase leading-tight text-center\" target=\"\" rel=\"\">Download Now<\/a>        <\/section>\n    <\/div>\n\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Security<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">Data processors must take the appropriate measures to ensure their security systems are up to date and secure enough to prevent any data breaches from occurring.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Controllers must also employ the same practices and have an obligation to ensure any data processor they employ is securely housing their customers\u2019 personal information.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Duty to Delete and Amend Personal Information When Requested<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">A customer can request a data controller to delete, alter or ask for access to their personal information. In that case, data controllers must fulfill these requests and amend or delete their data immediately after the customer makes the request.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Notification of Potential Breaches<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">If you become aware of a potential data breach, you must report that breach as soon as possible. If you are a data processor, you need to immediately report that breach to your data controller.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Data controllers are responsible for notifying the Information Commissioner\u2019s Office (ICO). The ICO is the regulatory authority responsible for overseeing data protection regulation in England and Wales. Additionally, data controllers must also notify any persons whose information has been leaked and appropriately take measures to rectify the situation.&nbsp;<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Data Controller\u2019s Responsibility for their Processors<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">Data controllers also must ensure that their processors are operating within the GDPR\u2019s standards. A processor\u2019s failure to comply with any of the above obligations or data protection laws can result in fines against you as the data controller.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Key Takeaways<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">When establishing your business\u2019s data protection obligations under the GDPR, you must first establish whether you are a data processor or a controller. Both result in <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-laws-digital-marketing-business\/\">different privacy obligations to businesses<\/a>. Therefore, identifying whether you are one or the other can help you adhere to the GDPR.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Generally, your business will have an obligation to safeguard the information you collect from your customers appropriately. You may therefore need to:&nbsp;<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">ensure the appropriate security measures are in place to store data;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">process data lawfully and fairly;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">be transparent about how you use that data; and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">allow customers to access, delete and amend their personal data as they desire.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">You should seek the advice of a practising lawyer if you are trying to understand your privacy obligations under the General Data Protection Regulations. <\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If you need advice on how your business can stay GDPR compliant, our experienced <a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\">data, privacy and IT lawyers<\/a> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <a href=\"https:\/\/legalvision.co.uk\/membership\">membership page<\/a>.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Frequently Asked Questions<\/span><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1642369670067\"><strong class=\"schema-faq-question\">Why are greater obligations placed on data controllers?<\/strong> <p class=\"schema-faq-answer\">Data controllers have greater obligations because they oversee data processing, which occurs more often than not through a third-party data processor. In instructing a processor to handle their customer\u2019s personal information, a controller acquires more obligations to ensure the processor is acting fairly within the law.\u00a0<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1642369683052\"><strong class=\"schema-faq-question\">How do I know if I am a data controller or data processor?<\/strong> <p class=\"schema-faq-answer\">The main distinguishing feature between whether you are a data controller or processor is whether you are advising another entity on what data you are looking to collect. If you do instruct another entity to process data, you are a data controller. On the other hand, if you receive instructions to process personal information, then you are a data processor.\u00a0<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"9eb4f72322\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/1760\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"Privacy Laws in the UK: What are Your Obligations as a Business?\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulations (GDPR) imposed new data privacy obligations on businesses in England and Wales. These included the obligation for businesses to store and safeguard their customers\u2019 personal information. Your business can face big fines if you do not comply with the new legislation. For that reason, it is wise to know and<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\">Continue reading <span class=\"sr-only\">&#8220;Privacy Laws in the UK: What are Your Obligations as a Business?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13324,"featured_media":653,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"1724,1976,1065,2541,1366,1203","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[363,364,365,366],"class_list":["post-1760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-privacy-obligations","tag-business-privacy","tag-gdpr","tag-data-privacy"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Privacy Obligations For Businesses in England and Wales | LegalVision UK<\/title>\n<meta name=\"description\" content=\"This article will detail the different privacy obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Obligations For Businesses in England and Wales | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"This article will detail the different privacy obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-16T21:55:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-06T14:29:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Edward Carruthers\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Edward Carruthers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\"},\"author\":{\"name\":\"Edward Carruthers\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/79e3a1ab149a10a4b12cff20110289b2\"},\"headline\":\"Privacy Laws in the UK: What are Your Obligations as a Business?\",\"datePublished\":\"2022-01-16T21:55:03+00:00\",\"dateModified\":\"2026-03-06T14:29:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\"},\"wordCount\":1234,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"keywords\":[\"privacy obligations\",\"business privacy\",\"gdpr\",\"data privacy\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\",\"name\":\"Privacy Obligations For Businesses in England and Wales | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"datePublished\":\"2022-01-16T21:55:03+00:00\",\"dateModified\":\"2026-03-06T14:29:20+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/79e3a1ab149a10a4b12cff20110289b2\"},\"description\":\"This article will detail the different privacy obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369670067\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369683052\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"width\":1600,\"height\":1200,\"caption\":\"Trade Mark Cease and Desist: UK E-commerce Response Guide\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Privacy Laws in the UK: What are Your Obligations as a Business?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/79e3a1ab149a10a4b12cff20110289b2\",\"name\":\"Edward Carruthers\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png\",\"caption\":\"Edward Carruthers\"},\"description\":\"Eddie is a Expert Legal Contributor for LegalVision with particular experience in Corporate and Commercial Law. He has two years experience working at a City firm in London, and is a qualified journalist with the Press Association. While Eddie has experience working in Commercial Law, he has special expertise in Medical Law and Health Care practice having completed a Master's in Law with Medicine and Health Care at the University of Liverpool. Qualifications: Master of Laws (LLM), University of Liverpool; Law with Philosophy (LLB Hons), University of Liverpool; NCTJ Level 5 Diploma, Sports Journalism, Press Association.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/eddie-carruthers-4a72a2b2\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/edwardcarruthers\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369670067\",\"name\":\"Why are greater obligations placed on data controllers?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Data controllers have greater obligations because they oversee data processing, which occurs more often than not through a third-party data processor. In instructing a processor to handle their customer\u2019s personal information, a controller acquires more obligations to ensure the processor is acting fairly within the law.\u00a0\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369683052\",\"name\":\"How do I know if I am a data controller or data processor?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The main distinguishing feature between whether you are a data controller or processor is whether you are advising another entity on what data you are looking to collect. If you do instruct another entity to process data, you are a data controller. On the other hand, if you receive instructions to process personal information, then you are a data processor.\u00a0\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy Obligations For Businesses in England and Wales | LegalVision UK","description":"This article will detail the different privacy obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/","og_locale":"en_GB","og_type":"article","og_title":"Privacy Obligations For Businesses in England and Wales | LegalVision UK","og_description":"This article will detail the different privacy obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-01-16T21:55:03+00:00","article_modified_time":"2026-03-06T14:29:20+00:00","og_image":[{"width":1600,"height":1200,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","type":"image\/jpeg"}],"author":"Edward Carruthers","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Edward Carruthers","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/"},"author":{"name":"Edward Carruthers","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/79e3a1ab149a10a4b12cff20110289b2"},"headline":"Privacy Laws in the UK: What are Your Obligations as a Business?","datePublished":"2022-01-16T21:55:03+00:00","dateModified":"2026-03-06T14:29:20+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/"},"wordCount":1234,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","keywords":["privacy obligations","business privacy","gdpr","data privacy"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/","name":"Privacy Obligations For Businesses in England and Wales | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","datePublished":"2022-01-16T21:55:03+00:00","dateModified":"2026-03-06T14:29:20+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/79e3a1ab149a10a4b12cff20110289b2"},"description":"This article will detail the different privacy obligations that the GDPR places on businesses to protect their customers\u2019 personal data.\u00a0","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369670067"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369683052"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","width":1600,"height":1200,"caption":"Trade Mark Cease and Desist: UK E-commerce Response Guide"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"Privacy Laws in the UK: What are Your Obligations as a Business?"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/79e3a1ab149a10a4b12cff20110289b2","name":"Edward Carruthers","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/03\/12052028\/LegalVision_square_logo-150x150.png","caption":"Edward Carruthers"},"description":"Eddie is a Expert Legal Contributor for LegalVision with particular experience in Corporate and Commercial Law. He has two years experience working at a City firm in London, and is a qualified journalist with the Press Association. While Eddie has experience working in Commercial Law, he has special expertise in Medical Law and Health Care practice having completed a Master's in Law with Medicine and Health Care at the University of Liverpool. Qualifications: Master of Laws (LLM), University of Liverpool; Law with Philosophy (LLB Hons), University of Liverpool; NCTJ Level 5 Diploma, Sports Journalism, Press Association.","sameAs":["https:\/\/www.linkedin.com\/in\/eddie-carruthers-4a72a2b2\/"],"url":"https:\/\/legalvision.co.uk\/author\/edwardcarruthers\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369670067","name":"Why are greater obligations placed on data controllers?","acceptedAnswer":{"@type":"Answer","text":"Data controllers have greater obligations because they oversee data processing, which occurs more often than not through a third-party data processor. In instructing a processor to handle their customer\u2019s personal information, a controller acquires more obligations to ensure the processor is acting fairly within the law.\u00a0","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/#faq-question-1642369683052","name":"How do I know if I am a data controller or data processor?","acceptedAnswer":{"@type":"Answer","text":"The main distinguishing feature between whether you are a data controller or processor is whether you are advising another entity on what data you are looking to collect. If you do instruct another entity to process data, you are a data controller. On the other hand, if you receive instructions to process personal information, then you are a data processor.\u00a0","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13324"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=1760"}],"version-history":[{"count":11,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1760\/revisions"}],"predecessor-version":[{"id":194590,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1760\/revisions\/194590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/653"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=1760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=1760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=1760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}