ICO (Information Commissioners Office)
A lot of our clients have been receiving letters from the ICO in recent weeks so we though it would be best to do a quick blog on what this letter relates to and if you are required to pay a fee to the ICO (Information Commissioners Office).
Who is the ICO and what is their purpose?
The UK’s independent body to uphold information rights, their purpose is to uphold information rights in the publics interest.
Do I need to register and pay the fee?
If you are an individual or company that process personal data, you will need to pay a data protection fee to the ICO (unless you are exempt). The ICO website has a quick registration process which will ascertain whether you need to pay the fee or if you are exempt from it.
Do I need consent to hold an individual’s data?
The simple answer to this is no, however, to use an individual’s data without their consent the organisation does need to have a valid reason to do so.
- Legal Obligation
- Vital Interests
- Public Tasks
- Legitimate interests
Can an individual ask for their data to be deleted?
Yes, they can ask for their data to be deleted from an organisation, however in some circumstances you may need to hold the data on file.
What about sharing Data from/to EEA?
Do you send/receive any personal data from anyone in the EEA?
Do you offer any product or services to anyone in the EEA? Or monitor their behaviour like online activity?
Have you collected any data from anyone outside the UK before the end of December 2020?
If you answered yes to any of the above, then we highly suggest you visit the ICO website and check what needs to be done going forward.