Data protection is important for all businesses and there are a number of legal requirements that it is important to know about. When it comes to taking and storing customer and staff data you should ensure that you have a legitimate reason to do so. This could include the need to hold information on your staff so you can ensure their safety if they were to fall ill whilst at work as well as being able to confirm their identity and their right to work in the UK.
Customer data may be kept if need to hold information on their payment methods for recurring products or subscriptions. You may also need to keep their address information for any products that you need to send to them. It is important that you also have a policy for destroying information that you no longer need to keep.
These procedures can include working with a Confidential Waste Disposal Oxford company such as www.printwaste.co.uk/confidential-shredding/confidential-shredding-oxford/ to have any paper data that you hold destroyed in an appropriate manner. If you hold digital data you will need to have a procedure for having this destroyed as well. This might include a process for physically deleting the data from your systems on a regular basis. You should ensure that you are not keeping any data for any longer than is absolutely necessary for you to continue providing your products or services to your customers.