Are you risking a fine from the Information Commissioner’s Office?
The ICO is the UK’s information rights regulator, responsible for a range of issues from stopping nuisance calls to investigating cyber-attacks on multi-national companies.
Under the Data Protection Act 2018, organisations which process personal data are required to register with the ICO, unless they are exempt.
If a qualifying organisation does not register, it can be fined up to £4,000 and named publicly by the ICO.
Personal data is defined as information which relates to an identified or identifiable individual and includes obvious data like names and addresses as well as less-obvious records such as reference numbers and CCTV footage.
An organisation does not have to register with the ICO if it is only processing personal data for one or more of the following purposes:
- Staff administration.
- Advertising, marketing, and public relations.
- Accounts and records.
- Not-for-profit purposes.
- Personal, family or household affairs.
- Maintaining a public register.
- Judicial functions.
- Processing personal information without an automated system such as a computer.
- Since 1 April 2019, members of the House of Lords, elected representatives and prospective representatives are also exempt.
Members can use the ICO’s self-assessment tool to find out whether they need to register, or call our free professional advice service, Quest, on 0116 243 7881.
