Research and analysis

National Survey of Businesses: privacy notice

Published 23 June 2026

The Department for Business and Trade (DBT) is committed to protecting the privacy and security of your information. This notice describes how we process your personal information in accordance with data protection legislation, particularly the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

For the purpose of the GDPR, the Department for Business and Trade (DBT) is the data controller and Ipsos is the data processor.

This notice explains how we collect, store and use your personal data when you take part in research being conducted by Ipsos on our behalf. It is important that you read this notice so that you are aware of how and why we are using your information. 

Why we are processing your data

We already hold your basic contact details in our internal systems. We shared these with Ipsos so they can invite you to take part in this survey, which helps us understand how our support services are working.

What data will be processed

We will process the following information about you:

• business name
• job role
• contact email address
• contact phone number

Lawful basis for processing

Our lawful basis for processing your personal data is that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

DBT, as a government department, has the task of promoting the UK as the best possible place to do business.

This survey is necessary to gather insight into how our support services impact UK businesses and helps us fulfil our public mission.

Taking part in the interview is voluntary. If Ipsos wishes to record or transcribe the interview, they will ask for your consent for that specific activity only. You can decline recording, skip any question, or stop taking part at any time.

We do not intentionally collect any special category information, although you may choose to share this type of information during the interview. If shared, it will be handled sensitively and in line with data protection law

Who will have access to your data

DBT is responsible for your information, but only Ipsos will access your personal details to run the survey. DBT receives anonymised findings and does not see your identifiable information.

Security and integrity of data

We take appropriate technological and organisational measures to protect the personal data submitted or provided to us. Our security procedures are consistent with generally accepted commercial standards used to protect personal data.

All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.

Accuracy

We take all reasonable steps to keep your personal data in our possession or control, which is used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. We rely on you to help us keep your personal data accurate by notifying us of any changes to your personal data.

Data storage and retention

All personal data processed by Ipsos on behalf of DBT for the purposes of this research project will be retained only for such period as is appropriate for its intended and lawful use.

In this case, we shall retain data for no longer than 7 years, unless otherwise required to do so by law. Personal data that is no longer required will be disposed of or irretrievably deleted. Ipsos permanently removes electronic and physical data once it is no longer needed

Rights of individuals

You have the following rights in relation to your personal data.

You have the right to:

• withdraw your consent
• access your personal data
• rectify your personal data
• erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
• data portability
• restrict processing of your personal data
• object to the processing of your personal data

To exercise any of your rights, contact us using the following contact information.

Identity and contact details

Our contact details are:

Data Protection Officer
Department for Business and Trade
Old Admiralty Building
Whitehall
London
SW1A 2DY
Email: data.protection@businessandtrade.gov.uk

If you think we have not complied with our obligation for handling your personal information, you can make a complaint to us by contacting our Data Protection Officer (DPO) using the same contact details.

If you are not satisfied with our response to your complaint, you can contact the Information Commissioner’s Office (ICO), the UK regulator for data protection:

casework@ico.org.uk

Telephone: 0303 123 1113

Textphone: 01625 545860

Monday to Friday, 9am to 4:30pm

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire
SK9 5AF 

 Changes to this privacy notice

We reserve the right to update this privacy notice at any time. We will amend this privacy notice and notify you if we make any substantial changes to the way we process your personal data.

Confidentiality

If you wish the information you provide to be treated as confidential, please be aware that, in accordance with the Freedom of Information Act (FOIA), public authorities are required to comply with the FOIA.

In view of this, it would be helpful if you have reasons for confidentially, if you could explain to us why you wish that information to be treated confidentially. If we receive a request for disclosure of information that has been provided, we will take full account of your explanation. However, we cannot give an assurance that confidentiality can be maintained in all circumstances.