Have you received a letter from the Information Commissioners Office? A lot of our clients have been receiving letters from the ICO in recent weeks so we though it would be best to do a quick blog on everything this letter relates to and if you are required to pay a fee to the ICO (Information Commissioners Office). There are so many things to focus on when you are a business, so let’s debunk one more thing to make sure you are in the know.
Who is the ICO and what is their purpose?
The ICO (or Information Commissioners Office) are the UK’s independent body to uphold information rights. Their purpose is to uphold information rights for businesses and individuals in the interest of the public.
Do I need to register and pay the fee?
If you are an individual or company that process personal data you might be familiar with GDPR. In this case, you will need to pay a data protection fee to the ICO (unless you are exempt). The ICO website has a quick and Registration for ICO which will ascertain whether you need to pay the fee or if you are exempt from it.
Who is exempt from the ICO fee?
You do not need to pay if you are only processing data for one or more of the following reasons:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not -for -profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
- Processing personal information without an automated system such as a computer
If in doubt, you can register with the ICO through a self assessment service and find out for certain of your exemption.
Do I need consent to hold an individuals data?
The simple answer to this is no, however, to use an individual’s data without their consent the organisation does need to have a valid reason to do so. A few of the valid reasons are below.
- Legal Obligation
- Vital Interests
- Public Tasks
- Legitimate interests
Can an individual ask for their data to be deleted?
Yes, they can ask for their data to be deleted from an organisation, however in some circumstances, such as tax or employment reasons, you may need to hold the data on file for a certain period of time.
What about sharing Data from/to EEA?
Do you send/receive any personal data from anyone in the EEA?
Do you offer any product or services to anyone in the EEA? Or monitor their behaviour like online activity?
Have you collected any data from anyone outside the UK before the end of December 2020?
If you answered yes to any of the above, then we highly suggest you visit the ICO website and check what needs to be done going forward.
There are many new rules coming into place in relation to personal data. In any case, it is a good idea to check with the organising body, such as the ICO. You can visit the ICO website here.