Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Sharing your ideas, customer lists or pricing with someone outside your team can feel risky. A non-disclosure agreement is the simple, low-cost way to reduce that risk – so you can explore partnerships, hire suppliers, or pitch to investors with confidence.
In this guide, we’ll explain what an NDA does in the UK, when to use one, the key clauses to include, how to sign an NDA properly, and the common mistakes we see small businesses make. With the right document in place, you’ll be protected from day one.
What Is A Non Disclosure Agreement And When Should A Business Use One?
A Non-Disclosure Agreement (often shortened to “NDA” or called a confidentiality agreement) is a binding contract where a person or organisation agrees not to disclose or misuse confidential information you share with them. For UK SMEs, an NDA is an essential tool whenever you need to speak openly but still protect your commercial edge.
Common situations where you should insist on an NDA include:
- Early discussions with potential partners, distributors or resellers
- Briefing freelancers, consultants or agencies before you’ve hired them
- Exploring a sale of your business, a joint venture or investment
- Giving a contractor access to source code, product roadmaps, or client lists
- Sharing business plans, pricing models, or proprietary processes in a pitch
In simple terms: if you’d be uncomfortable seeing the information on the internet or in a competitor’s hands, get an NDA signed first. A properly drafted Non-Disclosure Agreement makes your confidentiality obligations clear and gives you practical remedies if things go wrong.
What Should A UK NDA Include?
Not all NDAs are equal. A strong, UK‑law NDA balances clear, practical obligations with enforceable legal protections. Here are the clauses most small businesses should expect to see.
Clear Definition Of “Confidential Information”
Start with a wide, sensible definition that captures both written and oral disclosures. Good definitions cover information about your business, technology, customers, finances, inventions, plans and discussions – whether marked “confidential” or not.
It’s also common to include examples (e.g. “source code,” “pricing spreadsheets,” “pitch decks”) so the parties know exactly what to protect.
Purpose And Permitted Use
The NDA should say exactly why you’re sharing the information (the “purpose”). For example: “to evaluate a potential distribution relationship in the UK.” The recipient must only use the information for that purpose – not for their own gain or for any competing activity.
Obligations To Protect
Expect a core promise to keep your information confidential and to use “at least the same degree of care” the recipient uses for their own secrets. Add practical guardrails such as:
- Limit access to people who genuinely need to know (employees, contractors, advisers)
- Ensure anyone who gets access is bound by confidentiality obligations at least as strict as the NDA
- Store the information securely and prevent unauthorised copying or downloads
Standard Exclusions
There are reasonable carve-outs so the recipient isn’t liable for information that is already public, becomes public through no fault of theirs, is independently developed without using your confidential information, or was lawfully known to them before disclosure. These exclusions keep the NDA fair and enforceable.
Return And Destruction
Once discussions end (or on your request), the recipient should return or securely destroy confidential materials and confirm they’ve done so. Keep a narrow allowance for legal or backup retention if absolutely necessary, ensuring any retained material stays confidential.
Compelled Disclosure
If a court, regulator or law requires disclosure, the NDA should require the recipient to:
- Notify you promptly (where lawful) so you can seek to limit or prevent the disclosure
- Only disclose the minimum necessary
- Maintain confidentiality protections as far as possible
Duration (How Long It Lasts)
How long should an NDA last? It depends on the information. Commercial information is commonly protected for 2–5 years. True trade secrets (like a formula, algorithm or unpatented invention) may be protected indefinitely. Choose a term that reflects the realistic lifespan of the information’s value.
Remedies (What Happens If It’s Breached)
Money damages might not fix a leak once confidential information is out. Your NDA should allow you to seek injunctive relief (a court order to stop the misuse or further disclosure) and other equitable remedies. This is often what really protects your business in practice.
Non-Solicit Or Non-Compete (Use With Care)
It’s common to include a narrow non-solicitation clause (e.g. not poaching specific staff or clients for a defined period). Avoid heavy-handed non-competes in a simple NDA – restrictions on competition are closely scrutinised in the UK and may be unenforceable if they go beyond what’s reasonably necessary to protect legitimate interests.
Governing Law, Jurisdiction And Notices
Specify that the NDA is governed by the laws of England and Wales (or Scotland, if appropriate), which courts can hear disputes, and how formal notices must be delivered. Clear boilerplate helps avoid procedural disputes later.
One-Way Vs Mutual
A one-way NDA binds only the recipient, which is fine when you’re the only one disclosing. A mutual NDA binds both parties where information will flow both ways. If that’s your situation, a short, balanced Mutual NDA is the cleanest approach.
How To Get An NDA Signed And Enforced
An NDA only protects you if it’s put in place at the right time and executed correctly. Here’s how to do it well.
Get It In Place Before You Share Anything
Send your NDA ahead of the first substantive meeting, demo or data room access. It’s harder to ask someone to sign later, and worse, you risk losing protection for what you already disclosed. Make NDAs a standard part of your pre‑meeting process.
Make Sure There’s Consideration (Or Sign As A Deed)
Under English contract law, a simple contract requires consideration – something of value each party gives. In a mutual NDA, reciprocal promises usually satisfy this. In a one‑way NDA, consider a small fee or, more commonly, have it executed as a deed to avoid consideration issues. If in doubt, ask us to structure it so it’s enforceable from day one.
Use E‑Signatures Safely
NDAs can be signed electronically in the UK. Provided the parties intend to sign and the method reliably identifies them and their approval, e‑signatures are generally valid. If you’re not sure about the process for witnessing or for deeds, check our guidance on executing contracts to avoid common pitfalls.
Limit Who Can See The Information
Even with an NDA, don’t overshare. Disclose in stages, watermark documents, and use access controls. Consider secure data rooms with view-only settings and audit logs so you can track who accessed what and when.
Keep A Paper Trail
Save signed copies, dates of disclosure, versions of materials shared, and meeting notes confirming that discussions are confidential. If you ever need to enforce the NDA, your records can make all the difference.
Act Quickly If There’s A Problem
If you suspect misuse, act fast: freeze access, request return or deletion under the NDA, and seek legal advice about injunctive relief. Breach of an NDA can be serious – our explainer on breaking an NDA sets out the practical consequences and commercial options.
NDAs, Data Protection And IP: How They Fit Together
NDAs are one part of the protection puzzle. Depending on what you’re sharing, you’ll often need to pair an NDA with other legal tools.
Personal Data And UK GDPR
If you share customer or employee personal data, the UK GDPR and Data Protection Act 2018 still apply. An NDA doesn’t replace your privacy obligations – it sits alongside them. Make sure your public‑facing Privacy Policy is accurate, and where a supplier processes personal data for you, have a proper Data Processing Agreement in place that meets the mandatory UK GDPR requirements (for example, rules on sub‑processors, security and deletion).
Intellectual Property Ownership
An NDA does not transfer intellectual property. If you’re commissioning work (for example, design assets, code, product copy), you’ll need an IP Assignment or a contract that clearly vests IP in your business. Otherwise, the creator may own the rights by default. This is especially important when engaging freelancers and agencies; our guide on intellectual property and independent contractors explains why ownership terms are critical.
Commercial Contracts Still Matter
Once you move beyond exploratory talks, switch from an NDA to a proper commercial agreement (for example, a Consulting Agreement, Reseller Agreement or Services Agreement) with confidentiality, IP and liability clauses built in. An NDA is designed for early‑stage discussions – it isn’t a substitute for a full contract.
Trade Secrets And Internal Controls
If your business relies on trade secrets, combine NDAs with practical measures: need‑to‑know access, strong password policies, security training and exit checklists. Courts look at whether you’ve taken reasonable steps to keep information secret. Your legal and operational controls should work together.
Common NDA Mistakes Small Businesses Make (And How To Avoid Them)
We review and negotiate NDAs every day. These are the avoidable missteps that cause the most pain later.
1) Waiting Until After You’ve Shared Information
It’s tempting to “just have a chat” and organise paperwork later. Don’t. If the other side resists an NDA, that’s a red flag. Keep your high‑value details back until it’s signed.
2) Using A US‑Style Template For UK Deals
We often see templates with unfamiliar concepts, punitive damages, or unworkable remedies under UK law. Use a UK‑drafted NDA governed by England & Wales, with realistic remedies and a fair duration.
3) Overly Broad Or Vague Definitions
Courts favour clarity. If “confidential information” is so broad that nobody can tell what’s covered, you risk enforceability issues. Strike a balance: broad coverage with concrete examples and sensible exclusions.
4) No Thought To Duration
“Forever” is not always appropriate. Match the term to the value of the information. For trade secrets, consider an indefinite obligation; for routine commercial information, 2–5 years is typical.
5) Sneaking In Non-Competes
Some NDAs smuggle in wide non‑compete clauses. These can be unenforceable restraints of trade unless they’re carefully tailored to protect a legitimate interest. Keep your NDA focused on confidentiality and consider separate, narrowly‑drafted restrictions where truly justified.
6) Forgetting About Advisers And Subcontractors
Make sure the recipient can share information only with named categories of people who need to know – and that those people are bound by equivalent obligations. If a subcontractor leaks your deck, you want the main recipient to be responsible.
7) Missing Practical Remediation Steps
Your NDA should require prompt notice of any breach, cooperation to mitigate harm, and return or deletion of data on request. These operational clauses help you contain issues quickly.
8) Poor Execution Formalities
If you’re relying on a deed, check it’s signed correctly by each party (the formalities differ for companies and individuals). If you’re unsure, follow best practice for executing contracts so the document holds up when you need it.
9) Assuming An NDA Is All You Need
An NDA is just one layer of protection. For data, you still need UK GDPR compliance. For deliverables, you still need IP ownership terms. For ongoing work, you still need the right commercial contract. Use the NDA to open the door – then move to the right agreement as discussions progress.
Key Takeaways
- An NDA is a straightforward way to protect sensitive information during early discussions, pitches and supplier briefings – get it in place before you share anything valuable.
- A strong UK NDA covers a clear definition of confidential information, purpose‑limited use, security obligations, exclusions, return/destruction, compelled disclosure, duration, remedies and governing law.
- Sign your NDA properly: consideration matters for simple contracts, so one‑way NDAs are often executed as deeds; e‑signatures are generally fine when used correctly.
- Pair your NDA with other protections: a compliant Privacy Policy and Data Processing Agreement for personal data, and an IP Assignment or robust services contract when commissioning work.
- Avoid common traps like US‑centric templates, vague definitions, excessive non‑competes, and poor execution formalities – each can undermine your protection.
- If you regularly share sensitive information, standardise your process with a lawyer‑drafted Non-Disclosure Agreement or a balanced Mutual NDA tailored to your business.
If you’d like help preparing an NDA that actually protects your business, or want us to review one you’ve been asked to sign, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.


