Should you register with the ICO?

With the General Data Protection Regulation (GDPR) in sight, it’s important to make sure that your organisation is prepared, and that could include registering or ‘notifying’ the Information Commissioner’s Office.

Under the Data Protection Act 1998, any organisation that processes personal information must register with the ICO.  While failure to do so is a criminal offence, some organisations may be exempt and do not need to register or ‘notify’ the Information Commissioner’s Office.

The ICO’s website states exemptions for:

  • Organisations that only processes personal information for:
    • staff administration (including payroll);
    • advertising, marketing and public relations (in connection with their own business activity); and
    • accounts and records;
  • Some not-for-profit organisations;
  • Organisations that process personal data only for maintaining a public register;
  • Organisations that do not process personal information on computer.

However, if you operate a CCTV system you will need to register, even if you are exempt for one or more of the reasons above.

We would strongly advise that you take a look at the ICO website where you can complete a “registration self-assessment” to find out if you need to register or if your organisation is exempt.

You can find the self-assessment here: https://ico.org.uk/for-organisations/register/self-assessment/