Trade Secrets in the UK: Protecting Confidential Know-How

Every business has something unique that gives it an edge - a recipe, a pricing model, a supplier list, a manufacturing method, or even a bespoke algorithm. In UK law, these are the kinds of things that can be protected as “trade secrets”.

If you get your trade secret strategy right from day one, you can grow with confidence and reduce the risk of costly disputes later. In this guide, we’ll break down what counts as a trade secret in the UK, how to protect it in practice, and what to do if something goes wrong.

Let’s make sure your confidential know‑how stays exactly that - confidential.

What Counts As A Trade Secret In The UK?

Under UK law, a trade secret is information that:

• Is secret (not generally known or readily accessible),
• Has commercial value because it’s secret, and
• Has been subject to reasonable steps to keep it secret.

These criteria come from the Trade Secrets (Enforcement, etc.) Regulations 2018. In plain English, the law protects your valuable, confidential information if you actually treat it as confidential.

Trade secrets can include:

• Product formulas, recipes and manufacturing processes
• Source code, algorithms, data sets and technical documentation
• Customer lists, pricing strategies, margin models and sales playbooks
• Supplier terms, unique methods, prototypes and product roadmaps
• Business plans, go‑to‑market strategies and market intelligence

There’s no registration process and no expiry date - unlike patents or trade marks - but protection only lasts as long as the information remains secret and you’ve taken sensible steps to keep it that way.

Trade Secrets vs Other IP: What’s The Best Fit?

Trade secrets are one tool in your intellectual property (IP) toolkit. They sit alongside patents, trade marks and copyright. Choosing the right protection is a strategic decision.

When Trade Secrets Make Sense

• You can keep it secret in practice (e.g. a recipe used in a locked kitchen with limited access).
• The value lies in not disclosing the detail (e.g. a pricing algorithm or prospect list).
• Reverse engineering would be difficult, time‑consuming or uncertain.

When To Consider Patents

Patents suit new inventions with clear technical features that you’re willing to disclose to the world in exchange for a time‑limited monopoly. If your product can be easily reverse engineered, patent protection may be a better route than secrecy. If brand protection is your priority, you might choose to register a trade mark for your name and logo as well.

Copyright And Know‑How

Copyright automatically protects original code and written materials, but it doesn’t stop someone independently developing similar code. Combining copyright with trade secret controls (for example, limiting repository access and using NDAs) gives you more practical protection.

As with most IP decisions, there’s no one‑size‑fits‑all. The right approach depends on what you’re protecting, how it’s used, and your growth plans. If multiple contributors are involved, make sure ownership is clear - an IP Assignment can transfer rights created by founders, employees or contractors into your company.

How To Protect Trade Secrets Day‑To‑Day

The law requires you to take “reasonable steps” to keep your information secret. Think of this as a layered approach: identify what matters, limit access, lock down the basics, and use clear contracts.

1) Identify And Classify Your Trade Secrets

• Create an internal register of confidential information and trade secrets.
• Label documents and files appropriately (“Confidential – Trade Secret”).
• Note who has access and why.

This exercise helps you focus your controls on what truly drives value.

2) Control Access On A “Need‑To‑Know” Basis

• Use role‑based permissions for drives, code repositories and CRMs.
• Apply MFA, encryption and device management for remote work.
• Physically secure labs, storage and meeting areas; use visitor sign‑ins.

Access should be proportionate: the more sensitive the information, the tighter the control.

3) Lock In Clear Policies And Training

• Adopt workplace confidentiality policies that define confidential information, handling rules, and reporting channels.
• Run onboarding and refresher training so teams know what they can and can’t share.
• Set practical rules around meetings, screen sharing, and public spaces.

Policy without training is a paper shield - the point is to embed good habits across your team.

4) Use The Right Contracts Every Time

• Pre‑contract discussions: Send a Non‑Disclosure Agreement before sharing sensitive details with potential partners, investors or suppliers.
• Hiring staff: Include express confidentiality clauses and post‑termination restrictions in your Employment Contract.
• Engaging contractors: Use a services agreement with confidentiality, IP ownership and return‑of‑materials obligations. Follow up with an IP Assignment where necessary.
• Product testing or pilots: Use a purpose‑built NDA or trial agreement with clear permitted use, duration and security standards.

Contractual protection is your first line of defence - and the easiest way to set expectations before problems arise.

5) Maintain A Clean Data Hygiene Baseline

• Set consistent file‑naming and access conventions for confidential materials.
• Use removable watermarks on shared drafts and reports.
• Adopt a retention policy (don’t keep sensitive information longer than you need).
• Back up securely and maintain audit trails for sensitive systems.

Security isn’t only about tools. It’s about simple, repeatable processes your team will actually follow.

6) Keep Your Paper Trail

• Record who you shared what with, when, and on what terms.
• Use unique share links (with expiry) so you can revoke access quickly.
• Confirm key confidentiality points in follow‑up emails after meetings.

If you ever need to enforce your rights, contemporaneous records are gold.

Using Contracts To Protect Trade Secrets

Good documentation is essential to show that you took reasonable steps to keep your information confidential - and to give you leverage if it’s misused.

NDAs For Early Conversations

Before you reveal product formulas, pitch decks or supplier terms, ask the other side to sign a Non‑Disclosure Agreement. A well‑drafted NDA should cover:

• What’s confidential (including derived or summary information)
• Permitted purpose and limited sharing (e.g. “need‑to‑know” employees)
• Security standards and return or destruction of materials
• Duration and survival of obligations
• Injunctive relief and jurisdiction

NDAs can be mutual (when both sides are sharing) or one‑way. Keep them tailored - generic templates often miss critical details.

Employment And Contractor Agreements

Employees and contractors are the most common source of trade secret risk - they see the day‑to‑day detail. Address this directly in your agreements by including:

• Clear confidentiality and data security obligations
• IP assignment to ensure the business owns what is created
• Return‑of‑property and deletion of company data at exit
• Post‑termination restrictions (e.g. non‑solicit of clients/staff; non‑dealing)

If you’re concerned about team members taking clients or poaching staff, carefully drafted restraints and a standalone non‑solicitation clause strategy can reduce risk without overreaching.

Commercial Contracts

Supplier, distribution, manufacturing and collaboration deals should all include robust confidentiality terms, limits on use, audit rights where appropriate, and clear consequences for breach. If you’re sharing brand assets or know‑how, use an IP Licence to set the boundaries.

Data Protection Interfaces

While GDPR and confidentiality are different legal regimes, they often intersect. If sharing personal data forms part of a commercial relationship, combine your confidentiality terms with a Data Processing Agreement and ensure your public‑facing Privacy Policy aligns with how you actually handle information.

What To Do If Your Trade Secret Is Leaked Or Misused

Speed matters. The quicker you act, the more likely you can contain the damage and demonstrate that you take secrecy seriously.

1) Contain And Preserve

• Revoke system access, change credentials and disable sharing links immediately.
• Preserve evidence (activity logs, emails, CCTV, device images) before anything is overwritten.
• Document a timeline of events while it’s fresh.

2) Assess The Legal Position

In the UK, you may be able to bring claims under the Trade Secrets (Enforcement, etc.) Regulations 2018 and/or the common law of breach of confidence. Depending on the facts, other routes may include breach of contract, fiduciary duty, or database rights. If hacking or unauthorised access is involved, there may also be implications under the Computer Misuse Act 1990.

3) Send A Firm, Targeted Communication

Often, the first step is a well‑aimed letter requiring the recipient to stop using or sharing the information, confirm what they hold, and return or destroy copies. If you’re escalating, a carefully worded letter before action can set out your position and remedies sought without inflaming the situation unnecessarily.

4) Consider Court Remedies

Where urgent, you can apply to court for an interim injunction to stop further use or disclosure while the case is heard. Other remedies may include delivery up, destruction orders, damages or an account of profits. Courts can also order steps to keep the secret protected during proceedings (for example, by sealing documents).

5) Learn And Improve

Post‑incident, review what went wrong and strengthen your controls. That could include policy updates, access changes, refresher training, or tightening your template agreements. If the leak was internal, address any confidentiality breaches at work through a fair process consistent with your disciplinary policy.

Practical Scenarios Small Businesses Face (And How To Handle Them)

Pitching To Investors Or Large Clients

It’s normal to get pushback on NDAs at the pitching stage. If an NDA is a non‑starter, limit what you disclose to high‑level concepts and public information until you have stronger contractual protection in place. Once talks progress, revisit NDA terms or include strong confidentiality provisions in the principal agreement.

Working With Contractors And Freelancers

Contractors often work across multiple clients and devices. Use a services agreement with confidentiality, security, clear permitted use and handover obligations, then capture ownership cleanly with an IP Assignment. For development or creative work, ensure private repos and folders are used for your project only.

Demoing Your Product

If you need to show your product, create a demo environment without live data or sensitive configuration. Disable export features and record who attended. Where practical, watermark demo outputs so any unapproved sharing is traceable.

Employees Moving On

Ensure a structured off‑boarding process: remind leavers of their confidentiality obligations, recover devices, revoke access, and get written confirmations of deletion or return of company information. Your Employment Contract should include post‑termination confidentiality and tailored non‑solicit restrictions that are reasonable and enforceable.

Handling “Grey Area” Comms

Forwarded emails, shared screenshots and private messages can escalate quickly. Train your team on appropriate sharing, and set boundaries in policy and contracts. If you suspect unauthorised sharing of sensitive communications, review your position in light of UK privacy and confidence rules and avoid reacting publicly until you’ve assessed the legal risk. If needed, reinforce expectations with policy updates and targeted training around sharing private messages without consent.

Key Laws And Standards To Keep In Mind

You don’t need to become a lawyer, but you should know the headlines that affect trade secrets in the UK.

• Trade Secrets (Enforcement, etc.) Regulations 2018: Defines trade secrets and provides remedies for unlawful acquisition, use or disclosure. Central to enforcement.
• Common Law Breach Of Confidence: Long‑standing UK protection for confidential information where a duty of confidence exists and information is misused.
• Contract Law: Your NDAs, service agreements and employment contracts are the backbone of your protection strategy.
• Data Protection Law (UK GDPR & Data Protection Act 2018): While separate from trade secrets, if your confidential information includes personal data, you must meet data protection standards and maintain a clear Privacy Policy.
• Computer Misuse Act 1990: Relevant where confidential information is accessed without authorisation (for example, hacking or password misuse).
• Employment Law: Ensure confidentiality and post‑termination clauses are reasonable and proportionate; over‑broad restrictions risk being unenforceable.

It can be overwhelming to map every obligation to your specific setup - getting tailored advice early can save you time and protect value as you scale.

Essential Documents And Controls Checklist

Here’s a practical list to help you get protected from day one.

Core Agreements

• Non‑Disclosure Agreement (mutual/one‑way)
• Employment Contract with confidentiality, IP and post‑termination restrictions
• Contractor or Services Agreement with confidentiality and IP clauses
• IP Assignment for founders, employees and contractors (as needed)
• Commercial agreements (supplier, manufacturing, collaboration) with robust confidentiality terms

Policies And Processes

• Confidentiality Policy with clear rules and reporting
• Access control and device security standards (including MFA)
• Onboarding and off‑boarding checklists
• Record‑keeping protocol for sharing and NDAs
• Privacy Policy and data processing terms if personal data is involved

Practical Controls

• Need‑to‑know access permissions across systems and files
• Encryption at rest and in transit for sensitive stores
• Secure demo environments with export limitations
• Watermarking, expiring links and activity logs on shared materials
• Physical security: locked storage, visitor logs, shredding bins

Key Takeaways

• A trade secret under UK law must be secret, commercially valuable because it’s secret, and subject to reasonable steps to keep it that way.
• Use the right tool for the job: some assets are best kept as trade secrets, others may warrant patenting or brand protection such as a move to register a trade mark.
• Your everyday controls matter: identify your trade secrets, limit access, train your team, and build simple security habits that stick.
• Contracts are critical: always use an NDA before sharing, lock in confidentiality and IP terms in your Employment Contract and contractor agreements, and capture ownership with an IP Assignment where needed.
• If something goes wrong, act fast: contain access, preserve evidence, send targeted communications (including a possible letter before action), and consider injunctions where appropriate.
• Set yourself up for growth: getting your legal foundations right now will protect value during investment, partnerships and recruitment as you scale.

If you’d like help putting a practical trade secret strategy in place, our friendly team can draft the right documents and set up processes tailored to your business. You can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.