Do I Need to Register with the ICO? A Plain-English Guide for UK Businesses
If you run a UK business and process any personal data — customer names, email addresses, employee records, CCTV footage — the answer is almost certainly yes.
The Information Commissioner's Office (ICO) maintains the UK's data protection register. Most organisations that process personal data must pay an annual data protection fee to the ICO. Failure to do so is a criminal offence.
Who Must Register?
You must register if you are:
- A limited company that holds customer, employee, or supplier data
- A sole trader with a mailing list, CRM, or staff records
- A charity or non-profit with donor, volunteer, or beneficiary data
- A landlord with tenant information
- Any organisation using CCTV
Who Is Exempt?
A small number of organisations are exempt:
- Individuals processing data only for personal, family, or household purposes
- Organisations that process data only for staff administration and accounts/records, with no electronic marketing
- Some elected representatives processing data for constituency work
- Not-for-profit organisations that process data only for their members
Tip: Use the ICO's self-assessment tool if you're unsure.
How Much Does It Cost?
The fee depends on your organisation's size and turnover:
| Tier | Staff | Turnover | Annual Fee |
|---|---|---|---|
| Tier 1 | Up to 10 | Up to £632K | £40 |
| Tier 2 | Up to 250 | Up to £36M | £60 |
| Tier 3 | 250+ | Over £36M | £2,900 |
You get a £5 discount if you pay by direct debit.
What Happens If You Don't Register?
The ICO can issue a penalty notice of up to £4,350 for failure to pay the data protection fee. They actively audit the Companies House register and cross-reference it against their own register to identify non-compliant businesses.