What is the ICO and do I need to register?
Registering with the ICO is not normally on the top of your to-do list, or even on your radar when it comes to running your business. But it is a legal requirement for many so is worth investigating.
In this blog, we’ll explain exactly what the ICO is and whether or not you need to do anything.
What is the ICO?
The ICO is an independent authority set up to protect individual’s data. It’s there to uphold your right to own your own data and have a say in how other people can use it.
You’ll have heard of GDPR – the regulation set up to protect data. The ICO is the body that enforces it.
Do I need to register?
Almost every business will need to register with the ICO, from large corporations all the way to sole traders, groups and clubs. This is because you hold ‘personal information’, which is information that can identify someone either directly or indirectly (a name or an IP address, for example). Check if you are eligible, here: https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
There are very few exceptions, most of which don’t apply to the majority of businesses, so it’s easier to talk about who doesn’t have to apply.
On the ICO website, the exemptions are listed for those who process data only for the following purposes:
- Staff administration
- Advertising, marketing and public relations (don’t be fooled by this one – you almost certainly don’t fall into the strict guidelines for this)
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
- Processing personal information without an automated system such as a computer
What happens if I don’t register
You are breaking the law if you are processing data and have not paid the fee. Fines for not paying range from £400 to £4,000.
How do I register?
Registering is really simple. All you have to do is go to the website (I’ve put the link at the bottom of this blog) and answer 7-8 yes/no/tick box questions. They ask about:
- Use of CCTV
- Whether you process personal information (just having it counts as ‘processing’)
- Whether you do that electronically
- If you’re responsible for how that information is used
- Whether it is used for exempt purposes only
- What purpose you’re processing it for
- Whether it’s for certain ‘core business purposes’ (the list of exemptions above)
The last one might trip you up as the business activities include marketing and accounting records, but think of it like this: if you send emails, you almost certainly need to register.
The fees are divided into three tiers:
Tier 1 – micro organisations – £40 per year
You can pay by credit or debit card, or by direct debit. With the direct debit, you get a £5 discount (on tier one) and you get an email reminder every year about the next payment due. See the website for more information, here: https://ico.org.uk/for-organisations/how-much-will-i-need-to-pay/
You have a maximum turnover of £632,000 for your financial year or no more than 10 members of staff.
Tier 2 – small and medium organisations – £60
You have a maximum turnover of £36 million for your financial year or no more than 250 members of staff.
Tier 3 – large organisations – £2,900
If you do not meet the criteria for tier 1 or tier 2, you have to pay the tier 3 fee of £2,900.
The easiest way for you to check for yourself if you need to register is to go to the ICO website and take their self-assessment:
You can also go straight to the registration page here:
If you have any questions or want help with your ICO registration, we are always happy to go through it with you. Call us for a free 15 minute ‘ask me anything’ and we’ll get you set up in no time.
For more tips on systems and processes that help grow your business, subscribe to our newsletter here.
Get a little superstar treatment by contacting us on:
Telephone: 020 3362 4436
Mobile: 07811 393520