As you are hopefully aware, The Data Protection Act governs the protection of personal data in the UK. It gives people the right to know what information is held about them to ensure that personal information is handled properly. Data protection states that anyone who processes personal information must comply with eight principles.

1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with your rights
7. Secure
8. Not transferred to other countries without adequate protection

If your website collects users data, even a simple enquiry form asking for Name, Email and Phone Number, you should include a *Privacy Policy* that informs website visitors how you retain, process, disclose and purge their data in line with the principles above.