ICO Registration as a Small Business Owner – should you be doing it?

I know, I get it, GDPR happened ages ago so why are we still talking about it?

Unfortunately, I’m still seeing a lot of small businesses that aren’t GDPR compliant. It might be that they don’t have the option for users to opt-out of cookies on their website, or that they don’t securely keep records for the mandated period and have an unlocked filing cabinet anyone could access.

These things are still happening and I do understand. GDPR can be confusing for business owners, particularly those who may have started their businesses in pandemic times and missed the publicity when GDPR was first implemented.

In this blog, I want to talk about ICO registration, as many business owners are still uncertain whether they have to register, what it is, how much it costs and why you probably should even if you don’t have to.

What is ICO registration for small business owners?

The Information Commissioner’s Office (ICO) enforces the data protection regulations, currently GDPR. They’re the folk who will investigate data breaches, take legal action against businesses when required and maintain the register of business owners.

Who has to be registered with the ICO?

If you process or hold personal data as part of your business activities or you use CCTV for crime prevention purposes, you need to be registered with the ICO.

You may be exempt from registration if:

  • You’re only processing personal data for staff administration
  • You’re only processing personal data for accounting and record-keeping purposes
  • You’re a not-for-profit organisation and don’t use CCTV
  • You’re only processing personal data for the purposes of advertising, marketing and/or public relations

As you can see, a lot of small business owners are exempt from joining the register and paying the fee to the ICO, but might there be a good reason to do so anyway?

Registering with the ICO can help with reputation management

We all want to keep our personal data safe and secure and we like to think that those we do business with are doing the same. Being listed as a fee payer on the ICO’s website is a fantastic way to show that you’re aware of what data protection is, what your obligations are and that you run a tight ship when it comes to managing your business.

I know it gives me peace of mind when working with someone new. If you are a freelancer who pitches to large companies, local authorities, hospitals, etc., then being registered with the ICO will definitely help these organisations perceive you in the right light during the procurement process.

It’s a small price to pay to be sure you’re staying on the right side of the law

For most small businesses (classed as micro-organisations for ICO purposes with ten staff members or fewer), the annual fee is £40 (or £35 when paying by direct debit).

You may make changes to your business as time marches on, such as using CCTV due to recent crime activity, changing what your business does and having to process personal data differently, etc. You probably won’t be thinking ‘oh, I need to register with the ICO immediately’ but if you don’t do so, you could be faced with a fine of £4350!

Honestly, it comes down to peace of mind for me. Voluntarily paying a small fee each year and ensuring that I am covered if things change is better than dealing with investigations and fines further down the line if I do forget to register when necessary.

Still unsure whether to register your small business with the ICO?

If you are uncertain whether your business activities are exempt or not, completing the data protection self-assessment tool on the ICO’s website is a useful way to figure out if you should join the register. However, it does have its limitations, and this video will help you ensure you answer the questions correctly: https://youtu.be/ZeSnXZmCFZ8

If you are exempt but still unsure if you should register, consider who your clients and target audience are and whether it matters to them if you’re seen to be taking data protection seriously or not. Only you can know the answer to that question and what’s right for you and your business.

Hopefully, this blog has helped to clarify what the ICO does and why registration matters for business owners. If you’d like to discuss things further, get in touch with me today for a friendly chat on all things GDPR.