ICO registration and data protection
All APDO members are required to be registered with the Information Commissioner’s Office as a Data Holder under the Data Protection Act 1998. The Act requires every organisation processing personal data to register with the ICO unless they are exempt. Even if classed as exempt, the Act still requires businesses to adhere to the principles of data protection.
ICO registration demonstrates commitment to professional standards – it enhances credibility and reflects integrity so it’s worth mentioning ICO registration on your website, APDO profile, business cards and other marketing materials.
Registration online via the ICO website is very simple and costs £35 per annum. Renewal happens automatically so, once registered, there will be virtually no admin to do to maintain your registration.
There is a simple self-assessment test to do on-line to confirm that registration is necessary. Questions include:
1. Are you a not for profit organisation that qualifies for anexemption?
2. Does your business or organisation only process information for judicial functions?
3. Are you processing* personal information**?
4. Do you process the information electronically***?
5. Is your organisation responsible for deciding how the information is processed?
6. Do you only process personal information for personal, family, household or recreational reasons?
7. Are you only processing personal data to maintain a public register?
8. Do you only process personal data for staff administration, advertising, marketing or public relations, or accounts or records?
Most APDO members are likely to be processing*
* ‘Processing’ means doing any of the following with the information:
** ‘Personal information’ means any detail about a living individual that can be used on its own, or with other data, to identify them.
*** ‘electronically’ includes processing information using computers and any system that can process the information automatically, including CCTV systems, digital cameras, smartphones, credit card machines, call logging and recording systems, clocking machines and audio-visual capture and storage systems.
I don’t work with client paperwork – why do I need to be registered?
ICO registration has nothing to do with the work you carry out. It matters not, whether you work with clients organising paperwork or offices – registration is concerned with the information you hold about your clients and any other identifiable individuals you may hold details about in the course of your business, (eg prospective clients, client family members, support workers etc) and what you do with that information.
Please note that the Data Protection Act also includes types of manual processing of information which, if the information relates to an identifiable individual, and is considered to be a ‘relevant filing system’ will also be deemed to involve the ‘processing of personal data’ and would mean that you have to register with the ICO as a Data Holder.
Where information is held in a set of manual records which is sufficiently well structured to allow ready access to specific information about particular individuals the set will form a relevant filing system for the purposes of the DPA.
These provisions will cover any manual notes or records of information you take and keep about a client at your first and any subsequent meetings.
For more information, please see the Information Commissioners website www.ico.org.uk