15. Legal aspects you need to be aware of
In addition to the legal requirements of setting up your business and employing people, you need to be aware of the ones below. Your trade association will also provide information on further legislation that is relevant to your industry.
Protect your intellectual property
If you have any Intellectual Property (IP), such as inventions, literary and artistic works, designs and symbols, names and images, you should consider protecting it through, for example, patents, copyright and/or trademarks. For details about how to protect your IP, visit the GOV.UK web page ‘Intellectual property and your work’.
Licences or permits
Check to find out if your type of business needs a licence or permit.
Insurance
Insurance can be a legal requirement, depending on the type and size of the business you run. See our section on Insurance.
Health and safety
If you’re self-employed and your work doesn’t pose a risk to the health and safety of other workers or members of the public, health and safety law doesn’t apply to you. If you have fewer than five employees you don’t have to write down your risk assessment or your health and safety policy. All that’s required of many businesses is to make sure people are protected from harm caused by their business’s work activities. Full details are provided on the Health and Safety Executive’s web page ‘Health and safety made simple’.
Data protection
The General Data Protection Regulation (GDPR) forms part of the data protection regime in the UK, together with the Data Protection Act 2018. The GDPR governs how businesses collect, store and handle an individual’s data, and determines the penalties for those who fail to comply. If your business holds personal information (any detail about a living individual that can be used on its own, or with other data, to identify them) about an individual or customer, whether electronically or on paper, you need to prove that you have a lawful basis for doing so, for example, that you have obtained their consent or that it is in your legitimate interest to hold or use that person’s data. You are also required to pay a data protection fee.
The GDPR requires that personal data should be: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; kept for no longer than is necessary; processed in a manner that ensures appropriate security of the personal data. The Information Commissioner’s Office (ICO) has published guidance for micro, small and medium-sized businesses here.
If you do telephone, email or other electronic marketing then you need to comply with the Privacy and Electronic Communications Regulations (PECR). More information is available from the ICO here.
GDPR may appear confusing to you. If you are finding the concepts difficult, we are happy to signpost you to relevant guidance documents. The ICO offers help via email and there is also live chat, which we have found useful. (Note: be persistent with the live chat, as it is sometimes difficult to connect.)