What is ICO Registration? The Complete Guide to ICO Registration
Are you among the ULK business owners unsure about the obligation to register with the Information Commissioner Office (ICO)? Are you wondering whether to or not pay for the data protection fee? Don't worry. Many UK entrepreneurs are unclear about whether handling personal data falls under the ICO's jurisdiction and the steps to follow.
This guide navigates through the UK ICO registration for business owners, tackling whether to register with ICO and pay the data protection fee, the amount to pay, and the process of ICO registration.
What's the ICO?
ICO is a non-departmental public body that reports to the United Kingdom Parliament and is aligned with the Department for Digital, Media, Culture and Sport. The function of the ICO is to oversee and uphold data protection laws within the UK. ICO responsibilities include advising and advocating for best practices, managing breach reports, conducting audits and advisory visits, addressing complaints, and monitoring compliance.
The legal jurisdiction of the ICO extends across a range of legislations, including
- Data Protection Act
- Freedom of Information Act
- Environmental Information Regulations
- INSPIRE Regulation
- Privacy and Electronic Communications Regulations
- General Data Protection Regulation (GDPR)
- NIS Regulations
- Investigatory Powers Act
- eIDAS Regulation
- Re-use of Public Sector Information Regulations
UK organizations must comply with the data protection laws. Failure may lead to huge fines of up to £17.5 million or 4% of the company's annual turnover.
What's the ICO Data Protection Fee?
This is a fee used for the ICO work of enforcing the UK data protection laws. Every company should pay the data protection fee annually to the ICO. If the organisation doesn't pay, it should inform the ICO that they no longer meet the payment eligibility criteria.
When to Register with ICO?
Whether a solo trader or a company that processes personal information in the UK must register with ICO and pay a fee for data protection unless they are exempted, if you aren't sure whether to register for the ICO, it's advised to check through ICO online registration self-assessment platform to check your eligibility. This self-assessment tool takes you through various questions to check if and how you use data.
You will pay the ICO data protection fee if:
- Your company electronically processes personal information
- If you use CCTV for crime prevention in your company
What Does Processing Mean?
ICO defines processing as an action you can do with personal information
- Collecting
- Recording
- Disclosing
- Organising
- Storing
- Using
- Erasing
- Retrieving
- Altering
- Employees
- Workers
- UK and abroad staff
- Office holders
- Partners
- Part-time workers
ICO guidelines state your staff members must be average over the financial year; to achieve this, you need:
- To calculate your staff throughout the financial year
- Add staff from each month
- Divide the total staff count, then divide it by months of your business financial year.
The 2018 Data Protection Act has several exceptions to the mentioned payment rules. It states:
- Public authorities to use staff numbers and not turnover
- The charities should pay the first tier fee despite the turnover size
- Small occupational pension schemes to pay first tier fee despite the turnover size
Does Paying this Fee have Who is Exempt?
According to the ICO, you're exempted from paying a data protection fee if your personal data is processed in the following:
- Accounts and records
- Judicial functions
- To maintain a public register
- To advertise, market, and public relations
- If you're a House of Lords member
- Elected representatives
- For non-profit purposes
- For family, personal or household affairs
- Staff administration
- To process personal information without having an automated system like a computer.
Even though you're not required to register with ICO, you must comply with data protection laws in the UK, even for exempt purposes.
The Process of Registering with the ICO
You will do ICO registration online on their website. This service lets you pay your data protection fee for the first time. However, you need the following to start your registration.
- Your Payment card
- Your turnover
- Number of staff
- Company name and address
- Company registration number
Depending on how you provide the answers, you will be notified whether to register and how much you will pay that year. The form will also inform you if you've registered; you don't need to continue. You will also answer if you need a data protection officer to process large-scale data. This will happen if:
- You need to track and monitor people through CCTV
- Offences data or large-scale criminal convictions
- Your business processes large-scale specific personal data
The ICO registration takes about 15 minutes, and after payment, you will receive an ICO confirmation, probably on the next working day. Then, your registration will be available on the 'fee payers' register.
How Much do I Pay for the Data Protection Fee?
The ICO has a tiers fee payment system, and where your company falls depends on the following:
- Staff numbers
- Annual turnover
- If you're a public authority
- If you're a charity
- If you're a small occupational pension plan
This fee ranges between £40 and £2,900, which is set by the parliament considering the risk associated with controllers' processing of personal data.
The three tiers are:
Micro organisations
This tier includes
- A turnover not exceeding £632,000 a financial year
- Ten or fewer members of staff
You pay £40.
Small and medium companies
Your organization must be in this category to qualify
- A turnover of up to £36 million annually
- Not more than 250 staff member
You need to pay £60.
Large organizations
These include the organizations that do not fall under tier 1 or 2.
They pay £2,900 per year.
You can pay the ICO data protection fee through cheque, direct debit, or card. If your company pays via direct debit, you get a £5 discount. When counting your staff, you have to consider the following:
a Deadline?
Unlike the annual accounts or confirmation statements where the company incorporation date is the business deadline, the data protection fee has no attached deadline. Instead, the ICO sends letters to companies reminding them of protection fee requirements. The letters have dates on which ICO expects to receive a payment or a response.
Do You Need Help Forming Your Company in the UK?
Incorpuk offers a range of fast and efficient online company formation services, that makes it easiest and cost effective to take your business global. Kindly contact incorpuk if you need any help on company formation services today.
What Happens When I Fail to Pay the Data Protection Fee?
If you fail to pay your data protection fee, it means you're breaking the law. The ICO may fine you 150% on top of your tier or pay up to £4,350.
Conclusion
As a business owner, you shoulder broad legal and administrative responsibilities, and ICO registration is one of them. Fortunately, the ICO registration is straightforward with all requirements; it takes only 15 minutes. If your business grows in staff or turnover, ensure you provide the right information in your next register with ICO to ensure you're paying the right amount. So, ensure you learn about the three tiers and what they entail. Do you want help registering a company in the UK while abroad? Incorpuk is here to help you register a company today. Contact us now and enjoy diverse perks.