Do I need to register with the ICO?
UK companies who collect, store, or process personal data may need to register with the ICO however registration is not always necessary and there are several exemptions which may apply. Where applicable registration is a legal obligation and the ico can issue pretty serious fines if you fail to register and pay the appropriate fee. The registration fee varies depending how many employees you have and your turnover – most SMEs pay £40 but fees for larger companies are much higher.
You can check to see if you need to register here: https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
… and if you do not need to register you should claim an exemption here: https://ico.org.uk/for-organisations/data-protection-fee/exemptions/
It is important that if you are claiming an exempt that you does actually register your exemption using the link above, otherwise the ico will send you threatening letters!
It is difficult to quantify the value of registering [other than it is the law], I always recommend registration even if the company is exempt as it demonstrates a level of commitment to data protection and a willingness to be contacted. So our recommendation is that you should register – even if technically – you are exempt.
Don’t forget that you should also register your Data Protection Officer if you have one – you can register them at: https://ico.org.uk/for-organisations/data-protection-fee/your-data-protection-officer-is/
If you are not sure whether you have already registered you can check here: https://ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers/
Hope this helps.
Feel free to talk to us about any of this.
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
Zlatko, Adam, Hristina, Marin.
On 9th August 2022, noyb.eu lodged 226 GDPR complaints with 18 authorities against websites that us
UK companies who collect, store, or process personal data may need to register with the ICO however
What is an Article 27 Representative? Article 27 is one of GDPR’s most mis-understood requirem