
ICO - Information Commissioner's Office


The ICO manage and publish the register of data controllers.

The Data Protection Act 2018 requires every organisation that processes personal information and/or uses CCTV on its premises to register with the Information Commissioner’s Office (ICO), unless it is exempt. Failure to do so is a criminal offence. The current cost to register for most organisations is £40 - £60 per year.

Businesses, local authorities and other agencies who manage personal information can also access guidance on the Privacy and Electronic Communications Regulations, Freedom of Information Act, Environmental Information Regulations, and INSPIRE regulations.

They also offer information and guidance to individuals who wish to complain about the use of their personal information.

The ICO published a guide to the Data Protection Act 2018. They also have a Data Protection self assessment toolkit to help SMEs assess their compliance with the Data Protection Act.

There are some helpful resources such as an SME web Hub, a series of short video guides on key topics, as well as specific guidance on direct marketing and a direct marketing checklist.

Website: https://ico.org.uk/

Tel: 0303 123 1113 (select option 2)

GDPR, data protection, electronic marketing, Freedom of Information Helpline: 0303 123 1113

E-mail: dataprotectionfee@ico.org.uk

Contact form: https://ico.org.uk/for-organisations/data-protection-fee/contact-us-data-protection-fee/#liveChat

ICO - Information Commissioner's Office - Data Protection Self Assessment Toolkit

If you want to assess your compliance, you can use this free ICO Data Protection self assessment toolkit and GDPR checklist to help:

The Self Assessment Toolkit is mostly helpful to small to medium sized organisations from the private, public and third sectors.

https://ico.org.uk/for-organisations/sme-web-hub/checklists/data-protection-self-assessment/

ICO's privacy notice generator tool

The ICO have launched a quick and easy-to-use tool to help small organisations and sole traders create a bespoke privacy notice and protect people’s information rights.

Under data protection law, every organisation that holds people’s information needs to explain why it holds it and what it does with it. This is so their customers, suppliers, staff and volunteers know what will happen to their personal information.

Organisations can provide this information through a privacy notice, which is displayed on their website or included in other communications, to ensure they’re compliant.

In just a few steps, the privacy notice generator can create tailored privacy notices relevant to small organisations. Businesses that already have a privacy notice can also use the generator to check it’s up to date.

The tool offers two different types of privacy notice:

One for information to customers and suppliers, which organisations can display on their website or external communications.
Another for staff and volunteer information, to use in welcome packs, policy libraries or other internal channels accessible to staff and volunteers.

There are also sections of the tool specific to particular sectors: retail and manufacturing, finance, insurance and legal, education and childcare, health and social care and charity and voluntary sectors.

You can access the generator tool here.

ICO - Information Commissioner's Office - General Data Protection Regulations (GDPR)

The General Data Protection Regulations (GDPR) came into force on the 25th May 2018. The UK General Data Protection Regulations (UK GDPR) have been assimilated into UK law since the UK left the EU: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

The GDPR affects all EU member states and has already been passed. Organisations must comply with this regulation and look to the GDPR for most legal obligations. However, the GDPR gives EU member states limited opportunities to make provisions for how it applies in their country. The Data Protection Bill gives the details of these, so it is important to read the GDPR and the Bill side by side.

You can use this free ICO Data Protection Impact Assessment toolkit and GDPR checklist to help assess your compliance: https://ico.org.uk/for-organisations/advice-for-small-organisations/checklists/data-protection-self-assessment/

GDPR Videos created by the Information Commissioner's Office - https://www.youtube.com/user/icocomms/search?query=GDPR

ICO - Complaints about unsolicited sales and marketing calls

If you (Limited company, Limited Liability Partnership, PLC, school, hospital, public body) wish to make any complaints about unsolicited sales or marketing calls you first need to be registered with the Corporate Telephone Preference Service (CTPS): https://www.tpsonline.org.uk/pages/enforcement

Registration is completely free. It takes 28 days for the registration to become fully effective, and once it is, it is a legal requirement that you do not make calls to numbers registered. Before registering, consider that it may mean your business misses out on receiving marketing information you would like to have - thereby preventing you hearing about relevant and worthwhile opportunities.

If you are a sole trader, work from home, or in an ordinary partnership (not an LLP) you can register under the Telephone Preference Service (TPS): https://www.tpsonline.org.uk/register

Once the registration is complete, complaints can be made to the CTPS / TPS here: https://www.tpsonline.org.uk/complaint

After a complaint has been made to the CTPS/TPS, if you wish to escalate this you can complain to the ICO here: https://ico.org.uk/make-a-complaint/