What is governance? Sitting behind every business decision you make, it’s how you work. Plus, it’s how you meet the laws and regulations that apply to your business.

In this lesson, we’ll look at some of the main business laws and regulations. We’ll explain what you need to know about protecting data. And we’ll highlight some of the policies you may need.

“Good corporate governance can help bring in outside expertise, attract funding and ensure long-term sustainability.”

 Institute of Directors


  • Identify the laws and regulations your business should follow
  • Know how to meet data protection rules
  • List the documents you need to have in place

Read time: 10 mins

Chapter 1

Why is governance important?

Read time: 2 mins

It’s not just about the rules

So, we know that governance is about making sure your business follows certain rules. Some of these rules are laws that apply to all businesses. Other rules apply to certain sectors.

But governance is more than just following these rules. It’s about how to run your business in a fair and effective way.


So it includes things like:

  • Keeping your customers’ data safe – So you can build their trust
  • Having clear contracts with your suppliers – To build and keep good relationships with them
  • Setting out working conditions for your team – To help keep them safe at work


It’s everything you do to show that you run your business with integrity. This can benefit you in many ways.


For example:

  • If your products meet quality standards – This may lead to more sales
  • When you use patents – These can help stop others from copying your ideas
  • Having fair HR policies in place – These can help you retain staff and reduce recruitment costs


Why is data protection important?

Data is valuable, and it’s in your interests to keep yours safe. This is data you keep about your company, your team and your customers. Some of the key business rules are about keeping this data safe. So in this module, we’ll explore these rules and give you tips on how to do this.


Which rules apply to me?

Whichever industry you’re in, there will be laws, regulations and data rules that you need to follow. Some of these will be just for your sector. Others may apply because of what you do, or where you (or your customers) live.


Here are some things to think about:

  • Where you operate – Local or country-specific rules, plus those on running your business from home or online, or on renting business premises
  • Where your customers are – For instance, the tax laws on exports outside the UK
  • The sector you work in – From childcare to construction, who sets the standards for your industry?
  • Tools and equipment – Like the regulations on using PPE at work
  • How you advertise your products or services – Whether online or offline
  • What you produce or sell – There are different safety rules on food and non-food items, and rules on energy use for some products


You’ll find some rules and guidance in this lesson. We don’t list all the rules. So it’s up to you to find the ones you need to know. Use this lesson as a starting point. Then follow it up with your own research.

Chapter 2

Laws and regulations

Read time: 4 mins

What are laws?

Laws are rules that apply across the whole country. They are there to protect us and our businesses. The government sets the laws, and our legal system enforces them.


What are regulations?

Regulations can be specific to certain sectors. Government agencies look after some of these rules. And there are other organisations who also set them. They aim to help and guide you, so it’s good to seek them out.

Some of these rules are there to enforce laws. And some are there to set standards – like those the CQC sets for the health and social care sector.


Key business laws and regulations

When you apply governance, you’re working to meet these laws and regulations. There are certain key rules to follow. So here are some you need to be aware of.




Laws and regulations can be quite complex. They may change over time. So it’s good to keep up to date with the ones that directly impact your business. Why not save the links of any government agencies and regulating bodies to use later?

Chapter 3

Data protection

Read time: 1 min

Data protection rules

We’ve mentioned the Data Protection Act and GDPR. These are the main rules on data protection. These laws aim to give people more control over their personal data. If you ask for, store, use or share this kind of data, then they apply to you.


GDPR and your business

GDPR rules say you need to ask your customers if you want to use their data. If they ask you to delete their personal data, you need to do this. And you need measures in place to protect data from unauthorised access, loss or damage.


What you can do to keep data safe:

  • Encrypt sensitive data – This scrambles the data so that unauthorised people can't read it
  • Limit access – Think about who needs to see or use it
  • Regularly update software – Updates often include security fixes
  • Have a backup and restore plan – In case data is lost
  • Train employees – Make sure your team know the rules on how to use customer data
  • Use tools to help – For encryption, secure storage, password management and authentication


What to do if there’s a data breach

  • Track the source and extent of the breach – You may have systems to help with this
  • Work to fix the issue – Your IT team will need to take action
  • Report it – You can contact the ICO via their website to do this
  • Tell those affected – Be honest and act quickly to reduce their risk


If you want to learn more, check out the GDPR website.


Other countries have their own data protection rules. So if you operate outside the UK, you should research these.

Chapter 4

Policies and other documents

Read time: 2 mins


Policies are what you write to show how you’re applying governance in your own business.

So they show that you’re following the rules that apply to you. They can also do more than that. Policies can build trust and promote a responsible and ethical way of working. When you write them, think about who you are writing for. Bear this in mind as you review your existing policies.


Write your policies for:

  • Customers – They should know what to expect when they buy from you
  • Your team – New joiners should see what you expect from them
  • Regulators – Your policies should clearly show you are following their rules
  • You – Can you use these to help make decisions that reflect your core business values?


What policies does my business need in place?

You may already have some policies in place. As your business grows or changes, it’s good to review these. And you may be thinking of others that you need to add.

Here are a few suggestions. Some focus on your customers, others on your team.


Which policies do you need?

  • Consumer rights – These include policies for delivery, refunds, faulty items and complaints
  • Privacy – For example, how you use and store personal data
  • Accessibility – Including how people with disabilities can access your business
  • Equal opportunities – To show that you treat all your team fairly
  • Code of conduct – Rules to set standards of behaviour for your team
  • Health and Safety – To state what you and your team do to keep safe at work
  • IT use – These say how your team should use IT in a safe and responsible way

Make a note

Make a list of the ones you think you might need to add or change.

Other key documents

These aim to protect your business. They help you avoid disputes with suppliers, customers and employees.


Some examples are:

  • Employment contracts – For permanent and freelance / temporary workers
  • Shareholder agreement – Sets out the relationship between you and your shareholders
  • Partnership agreement – States the roles, rights and duties of each partner
  • Non-disclosure agreements – Can reduce risks when you need to share confidential information with third parties
  • Supplier agreements for goods or services – Lay out your terms of trading
  • Website terms and conditions – These can help to protect your content from misuse

Chapter 5

Next steps

Read time: 1 min

What you’ve got so far

In this lesson, you learned how to:

  • Identify key laws and regulations your business should follow
  • Know what you need to do to protect the data you keep and use
  • Recognise the governance documents your business needs


Your changing needs

Be aware that your governance needs may change over time. Your business may grow or move into another sector. You may change or develop new products or services. And your day-to-day activities may change. All of these are good reasons to review your policies. And to check that you still meet the right rules for your business.


Here are some tips to help you move forward:

  • Stay up-to-date – With the latest laws and regulations
  • Train your team – To make sure they understand their responsibilities
  • Review your policies regularly – This keeps them up-to-date and effective
  • Seek advice when you need it – From legal and compliance professionals


Lloyds Bank Academy is committed to providing information in a way that is accessible and useful for our users. This information, however, is not in any way intended to amount to authority or advice on which reliance should be placed. You should seek professional advice as appropriate and required. Any sites, products or services named in this module are just examples of what's available. Lloyds Bank does not endorse the services they provide. The information in this module was last updated on 21st April 2023.