Should My Business Register With The ICO?

Print Friendly, PDF & Email

Should My Business Register With The ICO?

Key Contact: Declan Goodwin

Author: John Tay & Rachel McCulloch

Every sole trader, business or organisation that processes personal data must register with the Information Commissioner’s Office (“ICO“). Failing to register may lead to the imposition of a fine. The ICO keeps a public list of organisations that have received a penalty notice for not paying the fee. It is therefore essential you can correctly identify whether your business needs to register.

What businesses are exempted from registering with the ICO?

There are a number of exemptions which only apply in very specific circumstances. If your business can rely on an exemption, it will not need to register with the ICO. Your business would be exempt if it is processing personal data purely for one (or more) of the following purposes:

  • staff administration (including to run your organisation’s payroll);
  • advertising, marketing and public relations in connection with your own business;
  • accounts and records (such as invoices or payments);
  • personal, family or household affairs;
  • performing judicial functions;
  • performing elected representative functions;
  • maintaining a public register; and
  • processing personal information without an automated system such as a computer.

Many businesses however process personal data for other purposes (or in addition to) those listed above which suggests that they may not be able to rely on an exemption from registration.

For example, if a business records and updates its staff’s personal data for the purposes of staff administration and managing its own accounts, then it may be exempt from registering with the ICO. However, if this same business also collects personal data from job applicants for recruitment purposes, it will no longer be able to rely on an exemption from registration.

Similarly, if a business collects personal data from its customers for advertising and marketing its own goods or services, then it may be exempt from registering with the ICO. However if this same business also uses customer personal data to deliver goods or perform a service for its customers, it will not be able to rely on an exemption from registration.

For example:

  • An online retail business will need to collect and use a customer’s name and address to deliver ordered goods.
  • A healthcare professional will need to record and analyse medical data of their patients in order to provide appropriate advice and support to them.

How we can help!

We are now offering a complementary service to determine whether your business or organisation is required to register with the ICO. This service can be found here.

If your business or organisation is required to register with the ICO, you can find out more about our ICO Registration service here.

For further information or advice, please reach out to dataprotection@acuitylaw.com  

Recent Posts

IP Owners vs. AI Developers
December 19, 2024
Potential changes to marine tourism tax
What You Need to Know about the Upcoming Tax on Welsh Marine Tourism
December 16, 2024
Image about business tenancies
Examining the Future of Business Tenancies: Law Commission Launches Consultation on the Right to Renew
December 16, 2024
Need some corporate finance advice? Meet Acuity Alliance Partner Adam Street Advisers
December 12, 2024
Business man in a paper boat with arrow waves threatening him
Risk Management and Due Diligence: What You Need to Know When Trading Overseas
December 12, 2024
Assisted dying and probate disputes
Assisted Dying and its Potential Impact on Probate Disputes
December 11, 2024

Archives

Categories

Skip to content