The Information Commissioner's Office has given guidance to small businesses warning them that they need to encrypt more data and make sure staff are trained to deal with sensitive information.
Although the majority of the headlines that focus on the ICO's work are about its moves to fine and counter large enterprises and public sector organisations that lose data there are consequences for smaller firms to consider.
In response to the need to educate SMEs more about data protection the ICO has drawn up a list of five areas where firms can make improvements.
The list includes better staff training, being more transparent about what happens to data, using strong passwords, only keeping information as long as necessary and encrypting all portable devices.
Louise Byers, head of good practice at the ICO, said the areas for improvement showed that "good data protection practices can be cheap and easy to introduce".