fbpx Skip to content

Data Protection and the Virtual Assistant

Data Protection is one of those areas where if you ask 10 different people “Do I need to be registered?” you’ll get 10 different answers.  So we wanted to clear this one up: As a UK VA, you DO need to be registered.

Already registered?  Click here to find yourself on the list and to find your registration number.

Here’s why:

Firstly because you will be holding and storing data on your own clients.  So that might be as simple as their email address to send them an invoice, or it might even be an all-singing and dancing CRM.  It doesn’t matter – you still have a responsibility to them to keep that data secure.  And therefore you need to understand what “secure” means and what would constitute a data breach.

Secondly your clients may well ask you to process data on their behalf, and as someone handling that data, you need to know best practice to protect your clients, but also to protect yourself.  It is your phone number which will be reported to the ICO if you make unsolicited calls to TPS registered numbers.

Your data handling responsibilities:

  • Who is responsible for the security of this data? E.g. removing unsubscribe requests, keeping details up to date, deleting old data, dealing with queries from those on the list about the data, making sure that only those who actually need the data have access to it within the organisation.
  • Where has this data come from? E.g. has the contact actively opted in to receive this information?
  • Access: Where is it stored? Who has access to that?  So if it’s on an old computer, who makes sure it gets digitally wiped before being recycled?  Do you make sure that no one else can access their private details (using BCC function/emailing programmes)?
See also  Why I Love Being A Virtual Assistant: Fiona of Support4Success

At £40 a year, it’s not a massive financial burden, and it does give your clients confidence in your professionalism.

You can register here: https://ico.org.uk/for-organisations/register/


  1. Daniella McErlain on 10 February, 2017 at 12:05 pm

    What would you state as the Sector and Nature of Work drop downs on the Data protection Registration form online? Currently can’t see anything that a VA would come under unless I select ‘Media’ or ‘Other’ for the Sector, and ‘nature of work’ drop down doesn’t include anything resembling VA or administration/Editorial work. Would it just be classed as ‘General Business’. Grateful for any support you can offer so I don’t select or edit the wrong thing whilst registering.

    • Caroline on 10 February, 2017 at 2:20 pm

      Hi Daniella

      This is one of my bugbears with the HMRC classification system and what we do – there is no “one size fits all” or specific VA definition so you need to pick the one which matches what you do as closely as possible… A heck of a lot of us just put “Consultant” under OTHER but you might offer accountancy services and want to put that in?

  2. Anita Varma on 2 August, 2019 at 9:21 pm

    Thank you for the above Caroline. I have just registered for the DPA.

    I am just starting up, and hadn’t realised what was required.

    I don’t understand or know how to add the cookies disclaimer on. Would you be able to help?

    Your help is much appreciated.


  3. Nicky on 9 June, 2023 at 8:40 am

    Hi, I’m hoping to start working as a membership secretary for a charity later this year – where can I get the right training for this, for CRM and for data protection in order to register for that too – I assume a training course is needed to register to show that you do know how to keep data safe?

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.