What is the ICO?
The ICO is the Information Commissioner's Office, and is the UK’s independent authority responsible for upholding the information rights in public interests and data privacy of individuals. The ICO is responsible for ensuring businesses involved in the processing of data should respect the rights of the individuals.
To elaborate, the major aim of the ICO is to ensure that the rights of individuals over their own data is duly respected and protected. It further promotes transparency in the functioning of an organisation with regard to personal data. As an independent regulator, it oversees the different aspects of data protection like providing a forum to register complaints about any privacy concerns, facilitating registration of controllers, providing guidance on data protection and use of technology as well as taking action against those who violate the rights of a data subject or individual.
Responsibilities of the ICO
The ICO is responsible for:
Promoting good practice in handling personal data and giving advice and guidance on data protection.
Ensure data controllers pay the appropriate data protection fee and provide and update basic information about their firm.
Helping to resolve disputes by deciding whether it is likely or unlikely that an organisation has complied with the GDPR when processing personal data.
Taking action to enforce compliance with GDPR, where appropriate.
Bringing prosecutions for offences committed under GDPR (except in Scotland, where the Procurator Fiscal brings prosecutions).
International Responsibilities
Apart from carrying out duties in the UK, one of the major responsibilities of the ICO is to cooperate with the International data protection authorities including the European Commission. The cooperation involves:
Investigation of complaints
Sharing Information
Working alongside partners to improve understanding of data protection laws and provide guidance where necessary
The ICO cooperates across all areas including justice and judicial cooperation, freedom, security and policing in the EU. The ICO is part of the Article 29 Working Party, which represents each of the 28 EU data protection authorities, as well as Iceland, Liechtenstein and Norway.
What legislation does the ICO enforce?
The Information Commissioner oversees the enforcement of 11 separate pieces of legislation, including GDPR. The ICO can be consulted when it comes to enforcing the PECR and Data Protection Act 2018 alongside GDPR.
What powers does the ICO have?
The ICO can enforce a wide range of actions right from issuing financial penalties to conducting spot-checks of regulatory compliance, issuing urgent information notices and warnings. It has the power to launch prosecution and apply for court orders enforcing compliance with a previously issues information notice.
A wide range of factors is taken into consideration while determining the measure to take. The ICO takes a selective and highly flexible approach while regulating an organisation. Generally, the actions are decided on a case by case basis. The quantum of harsh penalties highly depends upon the willingness of an organisation to cooperate along with the previous compliance efforts. To elaborate, conducting data protection impact assessment on regular basis, steps taken to mitigate any harm like data breach etc. Several aggravating and mitigating factors are also taken into account.
How does the ICO enforce GDPR?
Imposing monetary penalty is the most prominent way to enforce GDPR. ICO will take a reasonable and reserved approach to enforce GDPR, and will only issue the maximum fines if entirely necessary to dissuade negligence or future non-compliance. The Information Commissioner has the power to issue monetary penalties for any infringement. Under the Data Protection Act there are two tiers of penalty for an infringement:-1. Higher Maximum:- The higher maximum amount, is £17.5 million or 4% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
Standard Maximum:- The standard maximum is £8.7 million or 2% of the total annual worldwide turnover in the preceding financial year, whichever is higher.
Have you received a letter from the ICO about paying a data protection fee?
In case you have received a letter from ICO for payment of data protection fee, the first thing you do is Relax! The ICO has been writing since the introduction of GDPR to companies it believes are liable for the annual fee and are not on their public register of fee payers.
To ensure that the communication you’ve received a letter, text message, email or telephone call from us is not a scam relating to the payment of the data protection fee you can check its authenticity by searching ‘ICO fee’ using your usual search engine. Follow the top results to website links which begin with https://ico.org.uk, and this will bring you to our official website. To assess whether you need to pay or not click here.
Disclaimer
This article does not constitute legal advice in any form and only seeks to break down some of the main points set out by publicly available sources such as the ICO.
Frequently asked questions
We never have access to any of your data, our platform is able to scan each tool and provide recommendations without needing to access any of the data within those tools. There's no need for your dev' team to do anything, there are no security risks, just tell us the tools you use and we will do the rest.
Our policies are not just about my website or service. Once set up, our platform will help you map-out internal and external processes, such as HR, finance, and more!
We recommend replacing your current policy with our policy, this way you’ll remain compliant as your business changes and as the laws update.
Setting up is easy, just follow the on-screen commands and go through a few short steps to add your tools. You don't need any technical ability, anything you don't know the answer to you can ask us via our live chat or add later.
A template will not be applicable to your particular business as there are many things to consider for each tool you use. Also the template will not automatically update when changes happen in your business and when changes to GDPR laws are released. This can leave you vulnerable to breaking GDPR laws.
We have a huge selection of tools pre-loaded and anything you don't see you can add directly from the platform as well as mapping data for any custom software you may use.
Our Essential Plan is perfect for people just getting started, small businesses, self-employed people and early stage companies. It allows you to get set up and start making your site GDPR compliant. You can move to our pro plan when you grow and your needs become more complex.
Our Pro Plan is aimed at SMEs and is our most popular plan as it includes everything you'll need such as a cookie banner, multiple languages as well as dedicated support.
Our Agency Plan is aimed at businesses that operate with clients needing GDPR solutions. The plan allows you to onboard clients as well as benefit from the Pro Plan for your own site.
Our Enterprise Plan is our most customisable and inclusive plan aimed at large, corporate businesses. We will essentially build you a bespoke plan with full maintenance support, onboarding classes and full company-wide access.
Feel free to get in touch to discuss our GDPR Compliance Software solution.
Signing up is super easy. The platform will ask you a few basic questions and then you can add your tools - don't worry if you don't know them all, you can come back and add tools at any point. The platform will then generate you the correct privacy policy based on your information, you can there share it directly on your site. That's it!
Privasee has a plan for smaller companies as well as larger enterprise companies. For companies small to medium you can signup directly. For bigger enterprise companies get in touch with your requirements and our team will build you a bespoke plan.
You have a legal responsibility to keep your policy up to date with every change in legal requirements for every tool you have. With Privasee you are always covered.