We spend a lot of time talking to businesses about data protection legislation, compliance frameworks, and the responsibilities that come with handling personal data. Most of the time people’s eyes start to glaze over.
So let’s try something different. Let’s forget about the law for a moment and think about data through a different lens — yours.
Think about your own data
You, right now, as an individual living in the UK, have data everywhere.
Your bank has your financial history, your salary, your spending habits. Your phone provider knows who you call and where you go. Your GP practice holds your medical records. The apps on your phone — from food delivery to fitness tracking — hold fragments of your life that, pieced together, paint a remarkably detailed picture of who you are.
Your energy provider, your insurer, your mortgage company, your employer, the online shops you’ve bought from, the social media platforms you scroll through at night. Every one of them holds something that belongs to you.
Now ask yourself this: do you think about that data as theirs? Or do you think about it as yours?
You lent it to them. You didn’t give it away.
When you signed up for that bank account, you didn’t hand over your personal information as a gift. You shared it because you needed to, because they needed it to provide you with a service. The same is true for every app you’ve downloaded, every form you’ve filled in, every account you’ve created.
You lent them your data on the understanding that they’d look after it, use it for the purpose you agreed to, and give it back or delete it when you no longer want them to have it.
That’s not just a nice idea, that’s the law. Under UK GDPR, you have the right to access your data, the right to have it corrected, the right to have it deleted, and the right to take it with you when you leave. These aren’t technical rights buried in legislation — they’re your rights as a person.
And here’s the question every business owner should ask themselves: if your customers think about their data the way you think about yours, are you treating it with the respect it deserves?
Now flip the lens
You run a business. Your customers share their names, email addresses, phone numbers, maybe financial details or health information. They share it because they trust you. They trust you to keep it safe, to use it properly, and to give it back or delete it if they ask.
That data is on loan to you. It’s not yours. It belongs to someone else.
Every spreadsheet with customer names in it. Every email inbox full of conversations. Every CRM record, every invoice, every contact form submission. That’s someone else’s information that you are temporarily responsible for.
When you think about it that way, data protection stops being a compliance exercise and starts being a matter of basic respect.
What happens when trust breaks down
Think about a time you fell out with a company. Maybe they let you down, maybe you found a better alternative, maybe you just didn’t need them anymore. What’s one of the first things you want? Your data. Deleted, returned, gone. You don’t want them holding onto your information when you’ve got no relationship with them. Your customers feel the same way.
And if something worse happens — if a company you trusted gets breached and your personal data ends up in the wrong hands — how does that feel? It’s not just an inconvenience. It’s a violation of trust. You gave them something personal, and they didn’t protect it.
That feeling — that gut reaction — is exactly what your customers would feel if it happened to them through your business.
It doesn’t take much to get this right
This isn’t about spending thousands on compliance consultants or implementing enterprise-grade data management systems. For most small businesses, it starts with some straightforward questions:
Do you know what personal data you hold? Not vaguely — specifically. Where is it stored? Who has access to it? How long have you had it? Do you still need it?
If a customer emailed you today and said “delete everything you have on me” — could you do it? Would you know where to look? Would you be confident you’d found everything?
If the answer is “I’m not sure,” that’s not a failure. That’s a starting point. And it’s a much more honest starting point than pretending it doesn’t matter. The ICO’s guidance for small organisations is a practical place to begin.
Your customers are paying attention
Consumer awareness of data rights has grown enormously. People read the headlines about breaches. They notice when a company is careless with their information. They talk about it. And increasingly, they choose who to do business with based on who they trust to look after their data.
For small businesses, this is actually an advantage. You’re closer to your customers. You know them by name. The trust is personal, not corporate. When you demonstrate that you take their data seriously — that you understand it’s theirs, not yours — that trust deepens.
And when trust deepens, customers stay longer, spend more, and recommend you to others.
Have you thought about data this way?
Most business owners haven’t. And that’s understandable — you’re busy running a business, not reading data protection legislation. But the shift in thinking is simple:
Stop thinking about data protection as a legal obligation you have to comply with. Start thinking about it as a promise you make to every person who trusts you with their information.
Their data is on loan to you. Look after it like it matters. Because to the person it belongs to, it does.
If you’d like help understanding what data you hold, where it lives, and how to protect it properly, BSS can help. We make data protection practical, affordable, and human.
Book a Free Consultation