If you’re a business owner, then you need to be aware of the ICO – the Information Commissioner’s Office. The ICO is a government body that regulates data protection in the UK. This article will explain what the ICO is, the benefits of ICO registration and what you’ll receive from doing it.
What is the ICO?
The ICO is responsible for ensuring that businesses comply with the data protection laws in the UK. These laws are there to protect people’s personal data from being misused or mishandled. The ICO can issue fines of up to £500,000 to businesses that break these laws.
Everything we do leaves a digital footprint, including buying online, sharing on social media, banking while on the go, or scanning a travel card. Personal data has never been more valuable, and consumers have a right to trust that organisations will handle it responsibly and securely.
- Powerful and easy to use
- HMRC & RTI compliant
- Used by payroll pros
- Great for entrepreneurs
- Powerful data analytics
- Manage sales and data
- Great for startups
- Powerful web page builder
- E-commerce available
- Great for marketing
- Better than lists or sheets
- Manage social media
- Launch your website fast
- Powerful data intuitive
- No coding skills needed
The ICO will take action on behalf of the UK public because it’s their duty to protect individuals’ data.
What is the ICO registration fee?
All businesses will need to pay a data protection fee to the ICO. The amount you’ll need to pay depends on the size and type of your business.
Tier 1 | Tier 2 | Tier 3 |
---|---|---|
For your company’s financial year, you must not exceed £632,000 in turnover or have more than 10 employees. The cost of tier 1 is £40. | You must have a maximum turnover of £36 million for the year or no more than 250 workers. The fee for tier 2 is £60. | If you do not qualify for either tier 1 or 2, you will be charged the £2,900 tier 3 fee. |
How do I know if I need to pay the fee?
If you retain business data on any electronic device, you may have to pay an annual charge. Complete a self-assessment to discover if you need to pay the data protection fee.
Regardless of other elements of your business and operations, every business that uses CCTV for crime prevention must pay an annual ICO registration fee. This indicates that you do not need to take our registration self-assessment if you use CCTV for criminal prevention purposes since the answer will always be yes.
What do I get for paying the fee?
Paying the ICO registration fee allows you to process people’s personal data legally. It also funds the ICO’s work in protecting people’s information rights and enforcing data protection law.
What happens if I avoid paying the fee?
If you need to pay and do not pay, you could be fined up to £4,000. The ICO issued 126 fines to organisations for non-payment of the ICO registration fee between May 2021 and June 2022.
What benefits are of ICO registration?
First and foremost it is the law to pay the fee. The fee is what funds the ICO’s operations, but it also makes excellent business sense because whether or not you have paid may affect your reputation.
Being listed as a fee payer on the ICO’s website sends a loud and clear message to everyone looking to do business with you: that you are conscious of your data protection responsibilities.
Customers and other businesses will be reassured to see your firm’s name on this list, implying that you value their data. They are more likely to trust you than a company who is not listed here.
What is my ICO registration number? |
---|
Your ICO registration number is a unique reference that appears on the public register. You can find an organisations number by searching the to ICO public register. |
ICO certificate
You can apply for a certificate to show compliance with UK GDPR. The certificate is a physical manifestation of the care you take in handling people’s personal information, and it may give your business a competitive edge.
Applying for certification is voluntary, but it is something that businesses may want to consider as part of their marketing strategy. If there is an approved scheme in your sector, you may want to be certified to compete for certain tenders.
The benefits of certification are:
- It demonstrates that you take data protection seriously
- It can give your business a competitive edge
- It shows that you have been assessed against specific GDPR requirements
You can find details of approved certification schemes in the register of certification criteria. If there is a scheme that meets your needs, you should contact the relevant certification body who is accredited to operate the scheme.
Who is exempt from ICO registration?
Generally speaking, you have to pay a fee if you are processing personal data as a controller. But there are some exemptions. You don’t need to pay a fee if you are processing personal data only for one (or more) of the following purposes:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
- Processing personal information without an automated system such as a computer
- Since 1 April 2019, members of the House of Lords, elected representatives and prospective representatives are also exempt
Common misconceptions with ICO registration
Here are some common misconceptions with ICO registration.
You need to be a data controller to register
If you only process personal data for limited purposes, you may still need to register. It doesn’t matter if you are data controller or a data processor, you may still need to register. The ICO’s registration self-assessment will help you determine whether or not you need to pay the data protection fee.
Paying the ICO registration fee means you are automatically compliant with the law
You must still ensure that you are handling personal data in a way that meets the requirements of the GDPR. The ICO can help you to become compliant, and they offer a range of resources to help businesses get started.
I have never had any issues with data protection in the past, so I do not need to register
GDPR applies to all organisations that process personal data, regardless of size or sector. If you process personal data you may need to register with the ICO.
FAQ
Yes, all businesses that process personal data must pay the data protection fee, including sole traders.
All charities that process personal data must pay the data protection fee.
Most public bodies will be exempt from paying the data protection fee.
You may be exempt from paying the fee if you only process personal data for research purposes.
The data protection fee is tiered, so the amount you will need to pay depends on the size and turnover of your organisation. The fee for tier 1 is £40, for tier 2 £60 and for tier 3 £2,900.
The ICO is the UK’s independent regulator for data protection. They are responsible for enforcing the GDPR and other data protection laws.
The ICO emails organisations 6 weeks before their registration fee expires. You will need to renew it by going to website and choosing a method of payment.