bookkeeper oxford, small business accountant oxford | 0844 669 8030

GDPR Focus, No.1

Apr 26, 2018     tags: news

If you are a business and are concerned about the new General Data Protection Regulations (GDPR) that come into force on 25th May, the first thing you do is to check whether your business is already registered for Data Protection (DP).

Under existing legislation (i.e. before GDPR), anyone who holds or processes personal data may be required to notify the Information Commissioner’s Office (ICO) that you are a Data Controller or Processor. If your business is not currently registered for DP, then you can complete a self-assessment found on the website of the Information Commissioner’s Office (ICO), to establish whether or not you need to notify.

You may have heard that GDPR removes the requirement to notify the ICO if you are a Data Controller. It’s really not quite that simple.

Existing UK DP legislation that requires registration/notification, remains in force (at least until 25th May), but after that criteria on data processing still apply and you may still have a statutory obligation to pay a fee to the ICO, who will record your business or organisation on the Data Protection Register. So, effectively there remains a requirement to inform the ICO and pay an annual fee, if your activities fall within the relevant DP criteria.