Do I need to register with the ICO?

The ICO, or Information Commissioner’s Office, oversees the safe handling of personal data within companies. Under the Data Protection Act 1998, any organisation that processes personal information must register with the ICO.  While failure to do so is a criminal offence, some organisations may be exempt and may not need to register or ‘notify’ the Information Commissioner’s Office.

What is ‘personal data’?

Personal data is information about individual people, where they live, what they do and more. It’s any and all information that identifies them, including:

  • people’s names and addresses;
  • photographs;
  • customer reference numbers;
  • customer reviews.

If a document, file or image identifies a person, or could be used in combination with other information to identify them, then it’s personal data. This applies even if the information doesn’t include a person’s name.

What does ‘handling personal data’ mean?

Handling personal data means taking any action with someone’s personal data. This begins when a business starts making a record of information about someone, and continues until they no longer need the information and it’s been securely destroyed. If you hold information on someone, it counts as processing even if you don’t do anything else with it.

So, in the example of a fish and chip shop, personal data might include a list of customers’ names, addresses and phone numbers that they use for ordering and delivering food, or images that they record on their CCTV system.

Which businesses are exempt?

Organisations that only processes personal information for:

  • staff administration (including payroll);
  • advertising, marketing and public relations (in connection with their own business activity);
  • accounts and records;

Some not-for-profit organisations;

Organisations that process personal data only for maintaining a public register;

Organisations that do not process personal information on computer.

Does this apply to my business?

You might use personal data in a slightly different way to the examples described above. To check whether your business needs to register with the ICO, follow this link to their self assessment tool and answer the questions…