Does your new business meet UK legal requirements?

Does your new business meet UK legal requirements?

The problem with starting a business is that you don’t know what you don’t know. And when it comes to law and legal compliance, not knowing something can put your business at risk. 

So many startup business owners lose sleep wondering if their new business meets UK legal requirements. If that sounds like you, don’t worry, we’ve got your back.

We’re here to help you banish those worries, so you can start your new business with cast-iron confidence. 

Here’s a quick rundown of what you need to think about: from how to choose and register the right legal status for your business, to knowing which laws and licenses apply to you.

Does this sound like you? 

You’re ready to launch your new business - or you’re already up-and-running - but you haven’t got the foggiest about the legal side of things. 

  • Should you be a sole trader or limited company?

  • How do you even set that up?

  • What laws apply to your business?

  • How do you comply with legislation? 

  • Do you need a license to trade?

  • Is insurance compulsory?

  • What about tax? ARGH!

Then read on. Because the last thing we want you to do is worry. Yes, the legal requirements for running a business in the UK are important. But they don’t have to be difficult. Here’s the headline things you need to know about. 

What legal status should your business have?

When you set up a business, you need to register it with the government, HMRC and sometimes other official bodies too. You’ll need to do this fairly soon after you start trading if you want to avoid possible fines. So this is one of the first legal requirements you’ll need to think about.

You’ll probably have heard of limited companies and sole traders already. They’re just two of a wide range of different legal statuses that a UK business can register as. 

The legal status of your company determines how it is set-up and run, what tax you pay, and more. So it’s important to know the ins-and-outs before deciding which is right for you.

Take a look at this guide to UK business formats on our sister site, Transmit Startups. 

What laws apply to my new UK business? 

There are some legal requirements that apply to every business in the UK. And there are others that are specific to particular types of business. We can’t provide an exhaustive list here because there are just so many. But you can look on the Government website for more information. 

Here are some of the legal requirements you’ll need to think about:

Tax

The only certainties in life are death and taxes, so paying tax shouldn’t be a surprise to anyone. Your legal status will determine what tax you need to pay. We recommend working with an accountant to help you understand what and when you need to pay. For small businesses, the cost of an accountant is often offset by the money they can save you through the tricks of their trade. 

Health and Safety

Health and Safety is about protecting anyone else who comes into contact with your business. The Health and Safety Executive is a great place to learn what your legal responsibilities are. It isn’t rocket science but it is extremely important. It centres around having safe facilities, relevant risk assessments and policies in place, providing training, and having a competent person in charge of H&S. See HSE’s Safety Made Simple guidance

Insurances

Business insurance protects you against potential financial losses associated with running your business. From someone slipping over in your shop, to an employee having an accident, or a client losing money as a result of a mistake you’ve made. 

The three biggies are employers’ liability insurance, public liability insurance, and professional indemnity insurance. Only employers’ liability insurance is a legal requirement. But savvy business owners should consider non-required insurances too, to protect themselves in case of lawsuits. Find out more about different types of insurance to protect your business

Data protection and GDPR

All businesses need to comply with The Data Protection Act and UK General Data Protection Regulation - commonly known as GDPR. Your business must follow strict data protection principles to ensure any personal data you handle and collect is used fairly, lawfully and in such a way that it is safe and protected. You may also need to pay a fee to the Information Commissioners Office. Find out more on the Government’s Data Protection pages

Employment law

It’s only right that there are legal expectations of employers, to ensure protection for employees. Employment law is an in-depth subject and too much to write about here. If you are taking on staff, be aware that there are additional legal requirements you’ll need to meet. Read more about HR for new employers here.


Licenses and permits

Some businesses require a license to trade legally. If you don’t have the appropriate license to operate your business, you won’t be able to get business insurance. You may also face a fine or be shut down. The main licenses include those for:

  • serving alcohol

  • providing childcare

  • driving-related businesses

  • financial services

  • food service

  • gambling

  • playing music

  • pet care

  • selling tobacco

  • waste disposal

You can check any license requirements for your specific business with the Gov.uk License Finder. Read Do I need a license to start a business for more information on each of the sectors above.

Intellectual property 

Intellectual property rights protect your business against other traders passing off your work or products as their own. There are several types to be aware of including trademarks, patents, and copyright. If your business delivers unique or novel products or services, managing and protecting your IP should be part of your business planning. Discover more on the Government IP Basics page

Contracts

If you’re offering services - such as web design or accountancy - you’ll need to draw up a contract to make sure you’re protected in case of any dispute with clients. For example, if a client doesn’t pay, they’re unhappy with your service, or something goes wrong. Take a look at Shop Smarta for our hand-selected legal services partners and products

Business premises 

If you have business premises, they’ll need to meet relevant legal compliances. For example, For example, food businesses must have handwashing facilities for staff, toilets and changing facilities, and facilities to clean food and equipment. Without those, you can’t trade legally. Your local authority will be able to advise you on this. Check out this guide to business premises for more information. 

At Smarta, we know that many new business owners lose precious sleep worrying about the legal requirements of running a business. We hope this article has helped point you in the right direction. If you want to really sleep soundly, knowing you’ve got your legal requirements NAILED DOWN, register for our short course: The Letter of the Law.

This 8-hour self-study online course teaches the legal requirements for starting and running a UK business - from how to register a company, to the laws and licenses you need to be aware of. 

Don’t let doubt derail your business startup plans. Learn the legal requirements for starting and running YOUR business. Then crack on with confidence, knowing your business is legal and compliant.

Share

Newsletter signup

read more
Privacy Notice & Cookies Policy

We take your privacy seriously and are committed to maintaining the trust and confidence of our clients, visitors to our website and subscribers to our newsletter. Maintaining the security of your data is critical and we have implemented measures to ensure your privacy rights are respected and applied. We commit to process your data fairly, legally and to be transparent about how we do so.

This notice, which applies whether you use our services or use our website, explains our approach to data integrity and your individual rights.

It does not apply to pages hosted by our referral partners, independent consultants, and associates.

By registering with Smarta you consent to the collection, use and transfer of your information under the terms of this notice.

Put simply, we set out what we are going to do with your data in this Privacy Notice.

  • We ask you to read this Privacy Notice to ensure you are happy with the way that Smarta will process your data.

  • We ask you to confirm that you agree with our Privacy Notice when you confirm your decision to enter into a customer relationship with us.

  • We provide the option to opt into the different marketing options that you prefer.

The processing of personal data is governed by the General Data Protection Regulation 2016/679 (GDPR).

The notice may change from time to time so please check for updates.

If you need further details or are unsure in any way, please contact us at  info@transmitstartups.co.uk .

Who are we?

Smarta is a trading name of Transmit Start-Ups Ltd which is a Limited Company registered in England. (referred to as “Smarta” “Transmit”, “we”, “our” or “us” in this notice).

Our registered number is 08702257.

Our registered office is Northern Design Centre, Baltic Business Quarter, Abbott's Hill, Gateshead, NE8 3DF.

What personal information do we collect and process?

We collect and process your data in the following circumstances:

  • When you register to join Smarta

  • When you join the small business directory

  • When you use our website

  • When you sign up for our mailing list

  • When you complete the contact form on our website

  • When you contact us through other means such as email, telephone, or web chat

Smarta may collect the following information about you:

  • Your name, date of birth and gender

  • Your ethnicity, qualification levels and employment status

  • Your contact details: postal address, telephone numbers (including business, personal & mobile numbers) and e-mail address

  • Your device’s IP address

  • Your online browsing activities on the Company website

  • Your communication and marketing preferences

  • Your interests, preferences, feedback, and survey responses

  • Your location

  • Your correspondence and communications with us

  • Other publicly available personal data, including any which you have shared via a public platform (such as a LinkedIn profile, Twitter feed or public Facebook page).

  • Information about your business

This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this notice. Some of the above personal data is collected directly, for example when you engage with us. Other personal data is collected indirectly, for example your browsing activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.

Why do we collect and process your personal information?

We only collect and process the information needed to effectively provide our services to you, as well as for contact and communication purposes.

We will use your personal information as part of our internal reporting processes.

How is your personal information used?

We use your personal data:

  • To provide services to you

  • To effectively communicate with you

  • To respond to your enquiries

  • To make our website and other social media content available to you

  • To verify your identity

  • For crime and fraud prevention, detection, and related purposes (if mandated by law)

  • To contact you (with your agreement) electronically about promotional offers and services which may interest you

  • For market research purposes and to better understand your needs

  • To enable us to manage service interactions with you

  • To ensure compliance with our contractual obligations, including auditing and reporting, we have in providing our service to you

  • Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute)

  • Test new systems and check upgrades to existing systems to improve our service delivery

  • Help improve our products and services, for quality control, security, internal record keeping and other business needs

Certain types of personal information, such as gender and ethnicity, are used only as part of our contractual reporting requirements, for the purposes of monitoring and promoting equal opportunities.

The lawful basis for processing your personal information

Legitimate interest

We may collect, hold, and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, including, but not limited to:

  • To send you information about your loan

  • To provide details of the benefits available as part of the loan agreement

  • Protecting customers, employees and other individuals and maintaining their safety, health, and welfare

  • Promoting, marketing, and advertising our products and services

  • Understanding our customers’ behaviour, activities, preferences, and needs

  • Improving existing products and services and developing new products and services

  • Complying with our legal and regulatory obligations

  • Preventing, investigating, and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies

  • Handling customer contacts, queries, complaints, or disputes

  • Protecting Transmit Start-Ups Ltd., its employees, and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us and our staff

  • Effectively handling any legal claims or regulatory enforcement actions taken against us

  • Fulfilling our duties and obligations to our customers, staff, colleagues, shareholders, and other stakeholders.

Consent

We collect, hold, and process your personal data on the basis that you give us consent when you accept this Privacy Notice.

We will seek your consent to hold and process your data when you sign up to our mailing list or we need to ask for any sensitive data as part of the application process. If you chose not to sign up to our mailing list, we will still communicate with you when necessary as part of our contractual obligations.

You remain in control of the personal data you share with Transmit. You can change your preferences at any time, by choosing whether you want to give consent to your data being processed for specific types of communication and / or communication channels.

Vital interest

We may use your personal information to contact you if we reasonably believe that the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.

Legal Obligation

We may use and process your personal data to comply with our legal obligations such as HMRC requirements, if it is genuinely needed for law enforcement, to identify you as an individual if you contact us, or to verify the accuracy of your data.

Who we share your personal information with

Our service providers and suppliers

In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include HMRC, cloud storage and IT providers.

Transmit only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Transmit and to you, and for no other purposes.

Where your personal information is stored

Your information is stored on dedicated hardware used by Transmit Startups and all data is held and backed up within the UK or EU or is covered by the  EU-US Privacy Shield Framework .

The data is stored within a MariaDB database in a secure hosting environment. The only way to access the database is via a server console or via SSH. 

User data is also synced into Hubspot – a cloud-based Customer Relationship Management system.

Images & Assets are securely hosted on a service called S3 - which is an Amazon Web Service (AWS) service. Only authenticated users within the site have access to push files to this location. 

Where you communicate with us by email, we may store copies of the emails. Our email service is provided through  Google G Suite .

How we keep your personal information secure

We are committed to keeping your personal data safe and secure.

Our security measures include:

  • Encryption of sensitive data

  • Back up of data

  • Password management

  • Implementing risk management and data impact assessment analysis

  • Regular cyber security assessments of all service providers who may handle your personal data

  • Security controls which protect our IT infrastructure from external attack and unauthorised access

  • Internal policies setting out our data security approach and training for staff.

Only authorised and trained personnel can access your personal information if required to do so as part of their legitimate job role.

How long we keep your personal information

We will not retain your data for longer than necessary for the purposes set out in this notice. As long as you wish to be a customer of Smarta or be displayed in our directory we will retain your data for that purpose.

Your personal data stored in the website’s database will be automatically deleted from here after five years. You can request the amendment or deletion of your data at any time.

Automated decision making, including profiling

We may retain some data for reporting and statistical purposes however this will only occur after removing all personal information that would allow an individual to be identified. This is called anonymisation.

Transmit do not engage in any profiling activity.

When do we collect your information?

Website forms

Our website has forms built-in to allow the user to create an account and interact with the site via the submission of data. When you use our forms, the information submitted is securely stored in the website’s database. Your personal data stored in the website’s database will be automatically deleted from here after five years. Your personal data is encrypted by the website.

The website is built using a framework called Laravel (it is an open-source PHP MVC framework for bespoke platform development). 

The forms are built within this stack using VueJS, form data is submitted via Axios (AJAX HTTP requests) to a controller that parsers the data and stores in within a data store. 

Sensitive data and passwords are encrypted using OpenSSL and the AES-256-CBC cipher. 

Mailing list

If you opt-in to our newsletter when registering we collect your email address and name so that we can correspond with you. Your personal data will be stored on the website and Hubspot, which we use to send our newsletters. You can request to be removed anytime by clicking ‘unsubscribe’ in any newsletter/mailout or by contacting us.

Online data management (analytics and security)

When someone visits our website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns.

We collect information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit, entry and exit points and the number of page views).

We do this to find out things such as the number of visitors to the various parts of the site.

This information is only processed in a way which does not identify anyone.

We do not make and do not permit Google to make, any attempt to find out the identities of those visiting our website.

If we do ever want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Website security and backups

Our website has HTTPS encryption via a Let’s Encrypt SSL certificate to ensure any data passed between your browser and the web server (where this website is hosted) is encrypted. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.

This website and its database are automatically backed up every day via our hosting provider AWS (Amazon Web Services). Backups are stored for 90 days in the EU Region.

Links to Other Web Sites

This Privacy Notice does not cover the links within our site linking to other websites. Those sites are not governed by this Privacy Notice, and if you have questions about how a site uses your information, you will need to check that site’s privacy information.

Cookies

Like most websites, the Smarta website uses cookies to collect information. Cookies are small data files which store information on your browser, your computer, or other connected devices (such as smart phones or tablets). Cookies allow us to recognise that you have visited our website previously.

Cookies are essential for the effective operation of our website; they make it easier for you to maintain your preferences on our website and improve your web browsing experience.

The cookies stored on your browser, computer, or other device when you access our websites are designed by Smarta, or on behalf of us, and are necessary to improve your use of our site.

Some cookies collect information about browsing behaviour when you access this website via the same browser, computer, or device. This includes information about pages viewed and your journey around a website. We do not use cookies to collect or record information on your name, address or other contact details.

A cookie often includes a randomly generated number which is stored on your device. Many cookies are automatically deleted after you finish using the website.

Use of Cookies

This website does not store any information that would, on its own, allow us to identify individual users of this service without their permission. Any cookies that may be used on this website are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties.

The main purposes for which cookies are used are:

  • For technical purposes essential to effective operation of our websites, particularly in relation to site navigation.

  • To enable us to collect information about your browsing patterns, including to monitor the success of conveying our information to you.

Types of cookies that may be used during your visit to the website are listed below:

Cookie Name

Expiration Time

What It Does

smartabusinessdirectory_session

1 Day

Session cookies are a way of storing the user information across multiple user requests via secure encrypted cookies. This cookie will be deleted after the current session is finished.

XSRF-TOKEN

1 Day

CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one making the requests to the application.

_ga

2 Years

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gid

1 Day

Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gat

1 Day

Used by Google Analytics to throttle request rate.

_fbp

3 Months

This cookie is used to measure, track, and retarget with Facebook ads.

How do I disable cookies?

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third-party cookies. For example, in Chrome, you can block or allow all cookies by default. On your computer, open Chrome. At the top right, click ‘More Settings’, then under 'Privacy and security', click Cookies and other site data and select an option.

How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below. Please be aware that blocking all cookies will, however, have a negative impact upon the usability of many websites, including ours.

Microsoft Internet Explorer
1. From the Tools menu, select Internet Options.
2. Click on the Privacy tab.
3. Select the appropriate settings.

Google Chrome
1. Choose Settings> Advanced
2. Under “Privacy and security,” click “Content settings”.
3. Click “Cookies”

Safari
1. Choose Preferences > Privacy
2. Click on “Remove all Website Data”

Mozilla Firefox
1. Choose the menu “tools” then “Options”
2. Click on the icon “privacy”
3. Find the menu “cookie” and select the relevant options

Opera 6.0 and further
1. Choose the menu Files”> “Preferences”
2. Privacy

International transfers

To deliver a full range of services to you, it may be necessary for us to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under GDPR.

If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice will be to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed on the  European Commission website.

How you can help protect your personal information

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety:

  • Keep your account passwords private. Remember, anybody who knows your password may be able to access your account.

  • When creating a password, use at least 10 characters. A combination of letters, symbols and numbers is best. Try not to use easy to guess words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your passwords.

  • Avoid using the same password for multiple online accounts.

Your rights in respect of the personal information we hold

We fully support and facilitate the ability of people to exercise their rights in respect of the personal information supplied to others. See our Privacy Policy -  https://transmitgroup.co.uk/privacy-policy/

If you wish to correct, complain, object, or otherwise control the data we hold please contact us and we will respond accordingly.

Please contact us if you have any questions about how your personal information is being used or if you are unhappy about our service or anything we do. We will do our best to resolve the issue.

An overview of your different rights

You have the right to request:

  • Access to the personal information we hold about you, free of charge.

  • The correction of your personal information when incorrect, out of date or incomplete.

  • For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the personal information has come to an end.

  • That we stop using your personal information for direct marketing (either through specific channels, or all channels).

  • That we stop any consent-based processing of your personal information after you withdraw that consent.

Your right to withdraw consent

Whenever you have given us your consent to use your personal information, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest

In cases where we are processing your personal information based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal information.

Direct marketing

You have the right to stop the use of your personal information for direct marketing activity through all channels, or selected channels. We must always comply with your request.

How you can access the personal information we hold

You can access a copy of the personal information we hold by submitting a Subject Access Request to us using the contact details below.

We will respond to as soon as possible, and in any event, within one month of verifying the request. Our Subject Access Request policy can be provided on request.

To protect the confidentiality of your personal information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Getting in touch with Smarta

We can be contacted at:

Smarta,

Northern Design Centre,

Baltic Business Quarter,

Abbott's Hill,

Gateshead,

NE8 3DF

Phone: 0333 355 4886

Email:  info@transmitstartups.co.uk

The Supervisory Authority in the UK

The Supervisory Authority in the UK is the Information Commissioners Office (ICO).

Transmit Start-Ups Ltd can be found on the Data Protection Register. The registration number is ZA047144.

Complaints

If you would like to make a complaint about the way your personal data has been handled by Smarta, you can contact us using the details given above. Our complaints policy can also be provided on request.

Alternatively, you can refer your complaint to the ICO -  https://ico.org.uk/make-a-complaint/