
The ICO (Information Commissioner’s Office) explained

Customers have frequently asked about data security since the Data Protection Act, which incorporates the General Data Protection Regulation (GDPR), was introduced in 2018. The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights.

The ICO’s key responsibility areas include:

1) Data Protection; providing guidance to the public on personal data rights, such as accessing, correcting or deleting their data

2) Freedom of Information (FOI); overseeing the Freedom of Information Act 2000, which gives individuals the right to access information held by public authorities

3) Electronic Communication; regulating the Privacy and Electronic Communications Regulations (PECR), covering areas like marketing emails, cookies and other electronic privacy policies

4) CCTV and Surveillance; providing guidance to respect individuals’ privacy rights


Most reputable suppliers are GDPR compliant and advise customers accordingly. However, every organisation or sole trader who processes information also has a responsibility, which many seem to be missing.

How an organisation complies with ICO regulations varies hugely depending on its size and type. However, every organisation or sole trader who processes any personal information needs to pay an annual data protection fee to the ICO. Paying the fee is a legal requirement unless exempt (for example, not-for-profit organisations), and fines for non-payment are up to £4,000. Most companies need to pay £40-60 a year (setting up a Direct Debit deducts £5); for large organisations the fee is £2,900.


What do I need to do?

The ICO defines personal data as any information that can identify an individual. The list covers employment details, financial information, health information and demographic information, but also includes basic identifiers such as names, email addresses and contact numbers, which most hospitality operators and suppliers are keen to capture to grow their business.

On the ICO’s website there’s a self-assessment which only takes a few minutes to complete.

There’s also a helpline on 0303 123 1113, or for bite-sized advice and FAQs visit

In November 2019 the ICO launched a campaign to contact all registered UK companies, reminding them of their legal responsibilities to pay a data protection fee. This was also the start of an extensive programme to make sure the data fee is paid by all those who need to pay it. Compliance with the ICO’s regulations is manageable, simple and well explained on the links above, although clearly yet another cost which small businesses could do without.
