Database Right In The UK: Ownership And Protecting Business Data

If your business relies on valuable data - customer lists, pricing information, property listings, product catalogues, market research, or a carefully structured dataset powering your platform - it’s normal to worry about competitors “copying and pasting” what you’ve built.

In the UK, database right can be a powerful (and often overlooked) legal tool to help protect certain databases from unauthorised copying. But it isn’t automatic for every spreadsheet, and it doesn’t protect “facts” in the way many business owners assume.

Below, we break down what database right is, who owns it, how long it lasts, what counts as infringement, and the practical steps you can take to protect your data from day one.

This article is general information only and does not constitute legal advice. If you’d like advice for your specific situation, speak with a qualified lawyer.

What Is Database Right (And Why Should Small Businesses Care)?

Database right is a specific UK intellectual property right designed to protect the investment made in creating a database.

It’s often called a “sui generis” right (meaning it’s a special, standalone right) and it comes from the UK’s database regulations, which sit alongside copyright law.

From a small business perspective, this matters because databases can be one of your most valuable business assets - even if you don’t think of them as “creative” works. A database might be:

• a curated directory of suppliers or tradespeople
• a CRM dataset you’ve built over years
• a price comparison table or product dataset
• a recruitment candidate database
• a training dataset used to improve your services
• a structured dataset behind your app or SaaS platform

Database right doesn’t stop people from competing with you or collecting similar information themselves. What it can do is help you stop (or take action against) someone who extracts and reuses a substantial part of your database.

Does Database Right Protect The Data Itself?

Not exactly. A key point (and a common misunderstanding) is that database right typically protects the investment in obtaining, verifying or presenting the contents of a database - not the underlying facts.

So if your database is made up of publicly available facts, database right may still protect it if you’ve invested substantially in collecting and organising them. But it won’t necessarily stop someone from gathering those same facts independently.

How Is Database Right Different From Copyright?

Copyright can protect the original selection or arrangement of database content (where there’s enough originality). Database right focuses more on the time, money, and effort invested.

In practice, some databases have both copyright protection and database right protection - but it depends on how the database is made and structured.

When Does Database Right Arise In The UK?

Database right can arise automatically if you have a “database” and you can show substantial investment in creating it (again, that investment is typically in obtaining, verifying, or presenting the data).

A database is generally a collection of independent works, data or other materials that are:

• arranged in a systematic or methodical way; and
• individually accessible (for example, searchable entries, records, fields, listings, profiles, or rows).

What Counts As “Substantial Investment”?

There’s no single number or threshold, but think in terms of:

• money spent on collecting the data (research costs, subscriptions, contractors, data capture tools)
• time spent compiling and cleaning it
• cost of verifying accuracy (quality assurance processes, audits, checking sources)
• resources spent presenting it in a usable, structured form (tagging, categorisation, indexing)

If you’re building a serious dataset as part of your business model, it’s worth planning early for how you’ll evidence that investment. (We’ll come back to that below.)

How Long Does Database Right Last?

Database right generally lasts for 15 years from the end of the year in which the database was completed.

Importantly, if you make a substantial change to the database (for example, a major update that involves substantial new investment), that can trigger a new 15-year term for the updated database.

For fast-moving businesses, this can be a big deal - it means your database protection can effectively “refresh” as you keep investing in and updating the database.

Who Owns Database Right In A Business?

Ownership is where small businesses can accidentally get caught out - especially if contractors, developers, or outsourced teams are involved.

In broad terms, the owner of database right is usually the “maker” of the database - i.e. the person or business who takes the initiative and assumes the risk of investing in creating it.

Common Ownership Scenarios

• Your company builds the database internally: usually the company owns the database right.
• An employee creates the database as part of their job: database right will typically belong to the employer (subject to the employment terms and the circumstances).
• A contractor or freelancer builds it: this can be a risk area if your contract is unclear. Depending on who took the initiative and bore the financial risk of creating the database, the “maker” could be the contractor, your business, or (in some cases) both. A clear written assignment (or terms confirming ownership) is the best way to avoid disputes.
• Joint ventures/collaborations: you can end up with joint ownership or unclear ownership unless your agreement spells it out.

If you’re collecting data through a platform you’re building with an external developer, it’s also worth checking who owns the rights in the platform itself and any database structure. A well-drafted Software Licence Agreement (or development agreement) can be crucial to avoid headaches later.

What If You Buy A Database Or Acquire A Business?

If you’re buying a business (or even just acquiring a dataset), don’t assume the seller automatically owns all rights and can transfer them cleanly.

As part of your due diligence, you’ll usually want to confirm:

• how the database was created (employees vs contractors)
• what contracts exist with any creators or data suppliers
• whether any third-party data is included and under what licence
• what restrictions apply to reuse, resale, or export

This is one of those areas where getting an IP lawyer involved early can save you from paying for an asset you can’t fully use.

What Counts As Infringement Of Database Right?

Database right is primarily concerned with stopping others from:

• Extracting the contents of your database (for example, copying it out), and/or
• Re-utilising the contents of your database (for example, publishing it, reselling it, or making it available to the public).

The key concept you’ll hear is whether someone has taken a “substantial part” of the database - either in terms of quantity (how much they took) or quality (how valuable/important the part taken is).

“But They Only Took Small Bits” (The Repeated Extraction Problem)

Even if someone only takes small portions at a time, database right can still help if they repeatedly extract insubstantial parts in a way that effectively recreates a substantial part of your database.

This is particularly relevant for:

• scraping content from your website or platform over time
• former staff slowly exporting records or contacts
• competitors copying listings, profiles, or structured entries in batches

What About Customers Or Users Who Legitimately Access The Database?

Another common scenario is where users have legitimate access (for example, through a subscription), but they then reuse the database outside what you intended.

Database right might support a claim depending on what happened, but in practice, your strongest “day-to-day” protection often comes from your contracts - such as platform terms, licensing restrictions, and confidentiality obligations.

This is why it’s usually smart to pair database right protection with a properly drafted NDA (where appropriate) and clear contractual restrictions on copying, scraping, and redistribution.

How Can You Protect Your Business Data In Practice?

Database right is useful, but it works best as part of a bigger protection strategy. If your data is commercially valuable, you ideally want multiple layers of protection - legal, operational, and technical.

1) Document Your Investment (So You Can Prove Database Right Exists)

If there’s ever a dispute, you’ll usually need evidence that:

• your database qualifies as a database; and
• you made substantial investment in obtaining, verifying, or presenting its contents.

Practical ways to document investment include:

• project plans, milestones, and build documentation
• invoices from data researchers, contractors, or data entry staff
• logs of verification processes (QA checks, audit trails, moderation records)
• records of tooling and software costs used to compile/clean data
• version histories showing ongoing substantial updates

This is one of those “boring admin” steps that can become incredibly valuable if someone copies your database and you need to enforce your rights.

2) Lock Down Ownership With The Right Contracts

Even if database right arises automatically, ownership can become messy without clear written agreements - especially with developers and freelancers.

Depending on how your business operates, you may need:

• contractor agreements with clear IP and database-right assignment clauses
• employment agreements that confirm IP created during employment belongs to the business
• customer/subscriber terms that limit reuse and prohibit scraping
• supplier or data-source terms that confirm what you can do with third-party data

If your team uses internal systems to collect, tag, or curate your data, an Acceptable Use Policy can also help set clear rules about accessing, exporting, and handling business data.

3) Use Confidentiality And Access Controls (Especially For Sensitive Datasets)

Database right is not the same as keeping something confidential. If your database includes commercially sensitive information, confidentiality protections matter.

For example, you might:

• limit access on a “need to know” basis
• use role-based permissions in your CRM or database tools
• add audit logs to track exports, downloads, and bulk access
• disable bulk export features for certain user types
• require confidentiality obligations for staff, contractors, and partners

This is especially important for customer lists and lead databases - because if a dispute arises, you’ll want to show you treated the data as an asset worth protecting (not something anyone could freely walk off with).

4) Make Your Terms Clear (Subscriptions, Platforms, And B2B Data Access)

If you provide access to a database through a website, portal, or subscription product, your terms should usually address:

• what the user is allowed to do with the data
• what they are not allowed to do (copying, bulk downloading, scraping, resale)
• licensing limits (internal use only, non-transferable, time-limited access)
• termination rights if misuse is suspected
• enforcement options (injunctions, damages, account suspension)

This helps because even if database right is arguable in the background, a clear contractual breach is often simpler to act on.

5) Don’t Forget Data Protection Law (Yes, It Still Applies)

Many business databases include personal data - names, email addresses, phone numbers, employment details, purchase history, or identifiers linked to an individual.

In that case, you also need to think about compliance with the UK GDPR and Data Protection Act 2018. Having a fit-for-purpose Privacy Policy and the right terms with suppliers and processors can be essential.

If another business processes personal data for you (for example, a hosted CRM, email marketing provider, or outsourced data processing), you may need a Data Processing Agreement in place. That’s separate from database right - but in practice, these issues often overlap because “business data” and “personal data” can be the same dataset.

6) Use Notices And Markings (They Won’t Create Rights, But They Help)

You don’t need to “register” database right, but it can still help to clearly signal that your database is protected and licensed.

For example, you might include:

• a copyright/database rights notice on your platform
• terms that clearly reserve rights in your dataset
• API terms (if you offer an API) that restrict reuse and redistribution

Using a clear copyright notice won’t automatically prove database right exists, but it can reduce “I didn’t know” arguments and make your position clear from the start.

Key Takeaways

• Database right can protect certain business databases in the UK, especially where you’ve made substantial investment in obtaining, verifying, or presenting the data.
• It usually doesn’t stop others using the same facts, but it can help stop competitors from extracting or re-utilising a substantial part of your database (including repeated small extractions).
• Database right generally lasts for 15 years, and substantial updates can restart the clock for updated versions of the database.
• Ownership often sits with the business that took the initiative and risk - but it can get complicated where contractors, freelancers, or collaborations are involved.
• The most practical protection is layered: document your investment, lock down ownership in contracts, restrict access, use strong terms to prevent scraping/resale, and keep an eye on UK GDPR compliance where personal data is involved.
• If your database is a core business asset, it’s worth getting tailored legal advice early - fixing ownership or enforcement problems later is usually far more expensive.

If you’d like help protecting your database right, tightening up ownership of your business data, or putting the right contracts in place, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.