GDPR – Do you need to register with the ICO?

legal updates

Failure to register and pay the relevant fee is likely to result in a fine of £4350.

Read our disclaimer keyboard_arrow_down

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

GDPR will be law in less than 2 months as will be the new Data Protection (Charges and Information) Regulations 2018.  

These Regulations set out the fee which businesses have to pay to the Information Commissioners Office (ICO) when registering as a Data Controller. You are a Data Controller if you have customers and/or staff as you will be processing personal data. Failure to register and pay the relevant fee is likely to result in a fine of £4350.

The current fee structure is a two tier structure of £35 for smaller businesses and a £500 fee for businesses with a turnover of over £25.9 million and more than 249 staff. However, the ICO needs to fund its work and so in addition to the increased fines for data breaches which accompany GDPR, they are increasing these registration fees as of 25 May 2018.

You may be exempt from the requirement to register and pay any fee if you only process personal data manually. And you may also be exempt if you only process personal data for administering employee data or administering your business accounts i.e. sales and purchase invoices. However, even if your paperwork is all manual or you are only processing personal data for your core business activities but you have CCTV for crime prevention purposes, you will need to register as CCTV s capturing personal data.

If in doubt, you can complete the ICO questionnaire or call the ICO helpline on 0303 123 1113.

For those who do have to register the new fees are as follows:

Tier 1 £40 (£35 id paid by direct debit) for micro organisations with a maximum turnover of £632,000 or no more than ten members of staff.

Tier 2 £50 for SMEs with a maximum turnover of £36 million or no more than 250 members of staff.

Tier 3 £2900 for large organisations who exceed the criteria of Tier 1 and 2.

The jump from £500 to £2900 is sharp and gives some indication of how much extra monitoring and enforcement the ICO expect to be undertaking once GDPR arrives on 25 May 2018.

Impression Communications LtdPutting the motive in automotive

Impression works with businesses across the automotive aftermarket supply chain such as parts suppliers, warehouse distributors, motor factors and independent garages. Covering all aspects of automotive aftermarket marketing, including social media, event management, customer newsletters and PR, Impression is able to quickly establish itself within a client’s business and work towards their objectives.

Nona BowkisLegal AdvisorRead More by this author

Related Legal Updates

Are you ready for the UK’s data landscape change?

The ramifications for not having the correct policy and procedures in place could be costly, not only by a fine from the ICO for not paying your fee, but also by being reported for data breach

Goodbye 2021, hello 2022!

Despite an excess of 100 different commission claims hitting the Lawgistics’ desks, not one single dealer has had to part with their money.

Used cars – a treasure trove of personal data and a data breach in the making

Modern cars pair with smart phones and other electronic devices via Bluetooth or USB and absorb huge amounts of our personal data.

Police ordered to disclose information

Citing the provisions of the Data Protection Act 2018.

£820 out of pocket due to a data breach

Ex-employee admitted to three offences of unlawfully obtaining personal data.

Whistleblowing and data protection

Employee’s complaint had to be considered as a protected disclosure relevant to their dismissal.

GDPR – Showing potential customers the V5

There doesn’t appear to have been a ruling from the ICO on this but our view is that showing a V5 to a potential buyer is legitimate.

Get in touch

Complete the form to get in touch or via our details below:

Phone
01480 455500
Address

Vinpenta House
High Causeway
Whittlesey
Peterborough
PE7 1AE

By submitting this quote you agree to our Terms & Conditions and Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.