- 17 Apr 2023
- 2 min read
Does my organisation need to register with the ICO?
Organisations (which includes sole traders, partnerships, charities, LLPs and companies etc) that determine the purpose for which personal data is processed (i.e. they are a controller of at least some personal data) must register with the Information Commissioner’s Office (ICO) and pay a data protection fee to the ICO unless they are exempt. The fee is payable annually and can be paid via the ICO website.
Even very small organisations are likely to be a controller, and will be required to register, in relation to the following types of personal data:
- Personal data about employees, shareholders, directors, partners etc.
- Personal data about customers; this could be personal data about individuals where the customer is a consumer or personal data about employees of business customers.
- CCTV or dashcam footage in premises or vehicles.
The amount of the data protection fee depends on the organisations’ size and turnover. There are currently three tiers of fee ranging from £40 to £2,900, but for most organisations it will be £40 or £60. The cost is reduced by £5 if an organisation pays by direct debit.
To establish whether an organisation needs to pay a fee there is a useful self-assessment tool on the ICO website which you can find here.
If an organisation fails to pay the fee when required to do so, then the ICO can issue a monetary penalty of up to £4,000 in addition to the fee the organisation is required to pay.
Our data protection team have many years of experience in advising organisations on their compliance with UK data protection law. To speak to one of the team you can get in touch here or call us on 0800 2800 421.
If you have not received this article directly, but would like to receive articles and data protection news alerts from Trethowans, please contact us.