
Mistakes to Avoid When Entering an NDA

Summary

  • A vague definition of confidential information is the most common NDA mistake, creating ambiguity over what is protected and inviting disputes.
  • Ignoring UK GDPR is a frequent oversight where an NDA involves personal data, as both parties may need specific data protection terms to stay compliant.
  • A broad, uncapped indemnity clause can expose the receiving party to compensation far beyond the value of the deal, so it should be reviewed before signing.
  • This guide explains the key mistakes to avoid when entering an NDA for business owners in the United Kingdom.
  • LegalVision’s business lawyers specialise in advising clients on confidentiality and commercial contracts.

Tips for Businesses

Define confidential information precisely, stating exactly what categories are covered and whether it includes data shared before signing. Add UK GDPR data protection terms where personal data is involved. Never agree to an uncapped indemnity; negotiate a cap proportionate to the deal. Set a clear duration, commonly three to five years, with longer protection for trade secrets.


A non-disclosure agreement (NDA) is a contract that stops another party from sharing your confidential information. UK businesses use them when dealing with investors, contractors, manufacturers and other third parties. An NDA is only as strong as its drafting, and common mistakes can leave you exposed. The most frequent is a vague definition of “confidential information”, which creates ambiguity and invites disputes. A second is ignoring UK GDPR duties where the NDA involves personal data, which can lead to regulatory breaches overseen by the Information Commissioner’s Office. A third is agreeing to a broad, uncapped indemnity clause that exposes the receiving party to compensation far beyond the value of the deal. Getting these points right makes an NDA enforceable and worth having. This article will explore critical mistakes to avoid when entering an NDA.   

Why Is an NDA a Valuable Document?

Using an NDA protects invaluable confidential data in business relationships and projects.  

An NDA typically provides specific rules governing another party’s use of your information. This often includes:

  • identifying the information deemed confidential;
  • specifying permissible usage;
  • restricting sharing that information to particular individuals or organisations only;
  • requiring timely data deletion; and
  • outlining consequences for breaching the NDA’s obligations, such as strict remedies.

A business will inevitably share confidential information with external third parties for numerous purposes. That information can include customer data, proprietary techniques, and intellectual property.

Projects requiring an NDA could include those where a business seeks investments, engages external contractors to assist with a project, or collaborates with third parties such as manufacturers or distributors. Such projects will involve disclosing confidential data to those parties, warranting the need for clear confidentiality rules through an NDA. 

By setting clear boundaries on the use of your confidential information, an NDA acts as a deterrent: it gives external parties a contractual reason not to misuse or leak the information, and a clear basis for a claim if they do.

What Are Key Mistakes to Avoid When Entering an NDA?

Here are some common mistakes in an NDA which your business should avoid:

Setting the Right Duration for an NDA

A common mistake is leaving out how long the NDA lasts, or setting a period that does not suit the information.

Most NDAs run for a fixed term, often three to five years. After it ends, the receiving party is generally free to disclose the information. For most commercial information, this is sensible, as the data loses value over time.

Some information needs longer protection. Trade secrets, formulas or long-term strategic plans may warrant a longer term, or a clause that keeps certain categories confidential for as long as they remain secret.

You should also remember that an NDA stops applying to information that reaches the public domain through no fault of the receiving party. Once you launch a product or publish details, the NDA no longer protects that information.

Match the duration to the information. Too short, and you lose protection while the data still matters. Too long or perpetual, and the other party may refuse to sign or a court may view it as unreasonable.

Key Statistics

  1. 11,074: Personal data breach incidents reported to the ICO in 2023, up from 8,799 in 2022.
  2. Three-quarters: Of reported data breaches in 2023 were non-cyber, often human error such as misdirected information.
  3. 72 hours: Time limit to report a notifiable personal data breach to the ICO under UK GDPR.

Sources

  • Information Commissioner’s Office, Data security incident trends
  • Information Commissioner’s Office, Personal data breaches guidance

A Vague Definition of ‘Confidential Information’

Ensuring clarity in your NDA’s definition of “confidential information” is vital to its effectiveness. 

Specifying the precise types of data you expect the receiving party to protect is crucial. This will avoid any ambiguity and foster a mutual understanding of the information to be safeguarded.

 When drafting this definition, consider addressing nuanced issues such as:

  • Should the definition of confidential information extend solely to data relating to your business, or should it encompass affiliated entities within your corporate group?
  • Does the scope of confidential information include data shared before the execution of the NDA? Your company may have shared sensitive information before signing, which you wish to be protected.
  • What specific categories of information need protection? Should it be limited to details concerning your business operations, financial affairs, and clientele, or should it encompass a broader spectrum of proprietary knowledge and strategic insights?

A vague definition of confidential information can lead to various issues, such as misuse of certain confidential information and the potential for disputes. 

Ignoring Personal Data Considerations 

A critical oversight within NDAs is the failure to address UK GDPR data protection issues upon disclosure of personal data.

It is essential to consider these concerns to avoid legal consequences and regulatory non-compliance for both parties to an NDA. 


When businesses anticipate sharing personal data as part of their information exchange, additional considerations come into play. Compliance with UK GDPR may require specific data protection terms within the NDA. These could be data-sharing clauses where both parties act as controllers of the shared personal data, or processor terms where one party processes the data only on the other’s behalf. The NDA should also be clear about how the personal data will be stored, who may access it, and when it must be deleted or returned.

By considering and incorporating data protection issues and terms, businesses can ensure alignment with UK GDPR requirements in their NDAs to help demonstrate accountability and comply with their legal obligations. 

Failing to Consider NDA Indemnification Risks

A party receiving an NDA needs to ensure it understands the risks involved. 

Indemnity clauses within an NDA can hold the receiving party liable for compensating the disclosing party in the event of a breach of confidentiality. While this might appear reasonable, agreeing to a broad, uncapped indemnity clause can pose significant risks.

Under an uncapped indemnity clause, the receiving party may be held liable for compensation far exceeding the value of the project. A common mistake is failing to understand the implications of an indemnity clause, or neglecting to seek legal advice on its terms.

This oversight can expose a party signing an NDA to heavy financial risk. Before agreeing to an NDA containing an indemnity clause, work out how much compensation your business could be on the hook for, and negotiate a cap proportionate to the deal and clear limits on what the indemnity covers.

An experienced commercial lawyer can assist in advising on an indemnity clause in an NDA. A lawyer can also negotiate fair and commercially reasonable limitations, which could safeguard your business from significant financial exposure under an NDA.


Key Takeaways

NDAs are vital tools to protect confidential information. Drafting an NDA requires careful attention to detail and thought. Critical mistakes to avoid include:

  • a vague definition of confidential information;
  • overlooking data protection issues; and
  • failing to understand the implications of indemnity provisions.

By proactively addressing these factors and drafting robust NDAs, businesses are better placed to safeguard their confidential information from risk. 

If you need help drafting a robust NDA, our experienced contract lawyers can assist you as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers who can answer your questions and draft and review your documents. Call us today at 0808 196 8584 or visit our membership page.

Frequently Asked Questions

What is the difference between a mutual and a one-way NDA?

A one-way (unilateral) NDA protects information disclosed by one party only. A mutual NDA protects information shared by both parties, so each agrees to keep the other’s information confidential. Mutual NDAs suit situations like joint ventures where both sides exchange sensitive information.

How long does an NDA last?

An NDA lasts for the period stated in the agreement, commonly three to five years. After that, the receiving party is generally free to disclose the information. An NDA also stops applying to information that lawfully enters the public domain.

What happens if someone breaches an NDA?

If a party breaches an NDA, you can bring a claim for breach of contract. A court may award financial damages or grant an injunction to stop further disclosure. In practice, the cost and risk of legal action deter most parties from leaking information after signing.

What is the difference between an NDA and a confidentiality clause?

An NDA is a standalone agreement focused only on confidentiality. A confidentiality clause sits inside a broader contract, such as a service or supplier agreement, as one of its terms. Both can be one-way or mutual and define what is confidential and how it may be used.


Sej Lamba

Sej is an Expert Legal Contributor at LegalVision. She is an experienced legal content writer who enjoys writing legal guides, blogs, and know-how tools for businesses. She studied History at University College London and then developed a passion for law, which inspired her to become a qualified lawyer.

Qualifications: Legal Practice Course, Kaplan Law School; Graduate Diploma in Law, Kaplan Law School; BA, History, University College.


About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.
