Acuity Portal Sign In
10
Oct
2022

Should My Business Register With The ICO?

, ,
Print Friendly, PDF & Email

Should My Business Register With The ICO?

Key Contact: Declan Goodwin

Author: John Tay & Rachel McCulloch

Every sole trader, business or organisation that processes personal data must register with the Information Commissioner’s Office (“ICO“). Failing to register may lead to the imposition of a fine. The ICO keeps a public list of organisations that have received a penalty notice for not paying the fee. It is therefore essential you can correctly identify whether your business needs to register.

What businesses are exempted from registering with the ICO?

There are a number of exemptions which only apply in very specific circumstances. If your business can rely on an exemption, it will not need to register with the ICO. Your business would be exempt if it is processing personal data purely for one (or more) of the following purposes:

  • staff administration (including to run your organisation’s payroll);
  • advertising, marketing and public relations in connection with your own business;
  • accounts and records (such as invoices or payments);
  • personal, family or household affairs;
  • performing judicial functions;
  • performing elected representative functions;
  • maintaining a public register; and
  • processing personal information without an automated system such as a computer.

Many businesses however process personal data for other purposes (or in addition to) those listed above which suggests that they may not be able to rely on an exemption from registration.

For example, if a business records and updates its staff’s personal data for the purposes of staff administration and managing its own accounts, then it may be exempt from registering with the ICO. However, if this same business also collects personal data from job applicants for recruitment purposes, it will no longer be able to rely on an exemption from registration.

Similarly, if a business collects personal data from its customers for advertising and marketing its own goods or services, then it may be exempt from registering with the ICO. However if this same business also uses customer personal data to deliver goods or perform a service for its customers, it will not be able to rely on an exemption from registration.

For example:

  • An online retail business will need to collect and use a customer’s name and address to deliver ordered goods.
  • A healthcare professional will need to record and analyse medical data of their patients in order to provide appropriate advice and support to them.

How we can help!

We are now offering a complementary service to determine whether your business or organisation is required to register with the ICO. This service can be found here.

If your business or organisation is required to register with the ICO, you can find out more about our ICO Registration service here.

For further information or advice, please reach out to dataprotection@acuitylaw.com  

Recent Posts

Court Of Appeal Rules On Damages Award Following A Breach By The NHS Of Its Procurement Obligations – Braceurself Limited v NHS England
April 23, 2024
Acuity Law Reveals Role In £1.13 Million Seed Funding For London-Based Healthtech, HealthKey
April 18, 2024
International Women's Day 2024
Playing To Our Strengths
April 9, 2024
Howe Properties (NE) Ltd v Accent Housing Ltd [2024] EWCA Civ 297: Interpretation And Applicability Of Service Charge Provisions
April 8, 2024
Vento Bands 2024
April 2, 2024
Gender Pay Gap Reporting- Are You Ready?
April 2, 2024

Archives

Categories

Skip to content