Should My Business Register With The ICO?

Print Friendly, PDF & Email

Should My Business Register With The ICO?

Key Contact: Declan Goodwin

Author: John Tay & Rachel McCulloch

Every sole trader, business or organisation that processes personal data must register with the Information Commissioner’s Office (“ICO“). Failing to register may lead to the imposition of a fine. The ICO keeps a public list of organisations that have received a penalty notice for not paying the fee. It is therefore essential you can correctly identify whether your business needs to register.

What businesses are exempted from registering with the ICO?

There are a number of exemptions which only apply in very specific circumstances. If your business can rely on an exemption, it will not need to register with the ICO. Your business would be exempt if it is processing personal data purely for one (or more) of the following purposes:

  • staff administration (including to run your organisation’s payroll);
  • advertising, marketing and public relations in connection with your own business;
  • accounts and records (such as invoices or payments);
  • personal, family or household affairs;
  • performing judicial functions;
  • performing elected representative functions;
  • maintaining a public register; and
  • processing personal information without an automated system such as a computer.

Many businesses however process personal data for other purposes (or in addition to) those listed above which suggests that they may not be able to rely on an exemption from registration.

For example, if a business records and updates its staff’s personal data for the purposes of staff administration and managing its own accounts, then it may be exempt from registering with the ICO. However, if this same business also collects personal data from job applicants for recruitment purposes, it will no longer be able to rely on an exemption from registration.

Similarly, if a business collects personal data from its customers for advertising and marketing its own goods or services, then it may be exempt from registering with the ICO. However if this same business also uses customer personal data to deliver goods or perform a service for its customers, it will not be able to rely on an exemption from registration.

For example:

  • An online retail business will need to collect and use a customer’s name and address to deliver ordered goods.
  • A healthcare professional will need to record and analyse medical data of their patients in order to provide appropriate advice and support to them.

How we can help!

We are now offering a complementary service to determine whether your business or organisation is required to register with the ICO. This service can be found here.

If your business or organisation is required to register with the ICO, you can find out more about our ICO Registration service here.

For further information or advice, please reach out to dataprotection@acuitylaw.com  

Recent Posts

Getting Your Money Back After a Scam: Changes to Reimbursement for Authorised Push Payment Scams
Getting Your Money Back After a Scam: Changes to Reimbursement for Authorised Push Payment Scams
October 10, 2024
Acuity Law relocates growing Swansea practice to the heart of the city’s business district
October 8, 2024
EHRC Releases Guidance on the Worker Protection Act
October 3, 2024
How will Probation Periods Affect Protection from Unfair Dismissal?
October 3, 2024
How Will the Case of Tesco Stores Ltd v Union of Shop, Distributive and Allied Workers and Others [2024 UKSC 28] Impact Fire and Rehire?
October 3, 2024
Sponsor Licence Management Duties: Crackdown on Compliance
October 1, 2024

Archives

Categories

Skip to content