GDPR

What is the difference between a data processor and a data controller under the GDPR?
Can organisations share a DPO (data protection officer)?
What is the difference between personal data and sensitive data under the GDPR?
What is a data breach under the GDPR?
How does the GDPR affect businesses outside the EU?
How does the GDPR define personal data?
What sort of data processing does the GDPR apply to?
Which organisations must appoint a DPO (data protection officer) under the GDPR?
ICO Registration Check
Does my organisation need to register under the GDPR?
What lawful bases for processing should we use, and do we always need consent?
How do you comply with Article 30 of the GDPR?
What rights do individuals (data subjects) have under the GDPR?
What are the GDPR’s rules on security?
What are the GDPR’s data processing principles?
What happens if I have missed the GDPR enforcement deadline?
What are the penalties for not complying with the GDPR?
How do you report a personal data breach?
How do you write a GDPR personal data breach notification procedure?
How do you write a GDPR-compliant data protection policy?
How do you write a GDPR data subject access request procedure?
How do you write a GDPR privacy notice?
Do I need a lot of documents to comply with the GDPR?
What does ‘GDPR compliant’ mean?
What qualifications does a DPO need?
Do I have to appoint a DPO internally?
How will Brexit affect the GDPR?
What are the legal requirements for the DPO role?
Who needs to appoint a data protection officer?
The DPO’s tasks
The DPO’s role and responsibilities
What does a DPO do?
What is a privacy compliance framework?
How does the GDPR relate to the DPA 2018 (Data Protection Act 2018)?
When did the GDPR take effect?
Where can I find the full text of the GDPR?
GDPR penalties and fines
What does GDPR stand for?
What is a DSAR?
What is the right of access?
Articles of the GDPR
What is the GDPR?
What is the difference between EU regulations and directives?

ISO27001

What is ISO 27001?

Cyber Essentials

The benefits of Cyber Essentials certification
Completing the Cyber Essentials self-assessment questionnaire
What is in scope of the Cyber Essentials scheme?
How do we define the scope?
How do we renew our Cyber Essentials certificate?
Where can we display our Cyber Essentials certificate?
What can we expect from the Cyber Essentials application process?
How long will it take between submitting our online SAQ and receiving our certificate?
Who will conduct the assessments for Cyber Essentials?
What is required for certification to Cyber Essentials Plus?
What is required for certification to Cyber Essentials?
Why should we get a Cyber Essentials certificate?
Cyber Essentials changes 2022

Main Site
Help Centre
GDPR

ICO Registration Check

Unsure of whether you need to register with the ICO or think you may be exempt? Use our quick criteria check and we’ll email you the results – as well as how to proceed.

Do you use CCTV for the purposes of crime prevention? *

You should select ‘Yes’ to this question if you operate a dash-cam on or in your work vehicle. If the dash-cam is also used for work purposes it will not be considered as ‘domestic’ so you are likely to need to register and pay a data protection fee to the ICO unless you are exempt.

Are you processing personal information? *

‘Processing’ is a very broad term which describes anything you can do with personal information, including (but not limited to):

collecting;

recording;

organising;

storing;

using;

retrieving;

altering;

erasing; and

disclosing.

‘Personal information’ means any detail about a living individual that can be used on its own, or with other data, to identify them.

Do you process the information electronically? *

Electronic processing’ is any processing of information that uses computers, including cloud computing, desktop PCs, laptops and tablets. It also applies to any other system that can process information automatically, including:

CCTV systems;

digital cameras;

smartphones;

email;

credit card machines;

call logging and recording systems;

clocking-in machines;

flexi-time systems; and

audio-visual capture and storage systems.

CCTV systems;

digital cameras;

smartphones;

email;

credit card machines;

call logging and recording systems;

clocking-in machines;

flexi-time systems; and

audio-visual capture and storage systems.

Do you only process personal data for: *

Staff administration (including payroll); You only hold the personal information of the people you need to for your staff administration.

Is your organisation responsible for deciding how the information is processed? *

Answer ‘No’ if you only process information on behalf of another organisation.

If you need to determine if your organisation is a data controller or a data processor, please read our guidance here.

Our controllers and processors checklist may help you further.

Do you only process information for one of the following purposes? *

Judicial functions;

elected representative functions

personal, family or household affairs not connected to commercial or professional activities (including CCTV to monitor your domestic property, even if you are capturing images outside the boundaries of your property); or

to maintain a public register (ie you are required by law to make the information publicly available).

Are you a not-for-profit organisation that qualifies for an exemption? *

Answer ‘Yes’ if your organisation was established for not-for-profit making purposes and does not make a profit. Also answer ‘yes’ if your organisation makes a profit for its own purposes, as long as the profit is not used to enrich others. You must:

only process information necessary to establish or maintain membership or support

only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it;

you only hold information about individuals whose data you need to process for this exempt purpose

the personal data you process is restricted to personal information that is necessary for this exempt purpose

You must answer ‘No’ if you use CCTV for crime prevention.

Are you processing information for any of the following purposes? *

Yes
No
None of the below

Accountancy and auditing eg you're an accountant

Administration of justice - including police and probation boards

Administration of membership records

Advertising, marketing and public relations for others

Charities - including housing associations

Childcare ie childminder

Constituency casework

Consultancy and advisory services

Councils

Credit referencing

Crime prevention and prosecution of offenders (including CCTV systems)

Debt administration

Education – including schools

Emergency services - including ambulance and fire service

Financial services and advice

Health administration and provision of patient care - including medico legal, pharmacists, optometrists and dentists

Insolvency practices

Insurance administration

Journalism, media and TV / radio stations

Legal services

Loyalty cards

Mortgage/ insurance broking

Pastoral care

Pensions administration

Personal information processed by or obtained from a credit reference agency

Private investigation

Property management - including the selling and/ or letting of property

Recruitment

Research

Social - including networking sites or dating agencies

Software development - including web hosting and design or IT support

Trading and sharing in personal information

Training

Do you only process personal data for: *

Staff administration (including payroll); You only hold the personal information of the people you need to for your staff administration.

accounts or records (ie invoices and payments); You only hold the personal information of the people you need to for your own accounts and records, for example information about past, existing or present customers or suppliers. The information is restricted to what is necessary for your accounts and records – for example name, address and credit card details. However, this doesn't include information processed by or obtained from credit reference agencies.

advertising, marketing and public relations (in connection with your own business activity). You only hold the personal information of the people you need to for your own advertising, marketing and public relations – for example information about past, existing or present customers or suppliers The information is restricted to what is necessary for your advertising, marketing and public relations – for example, names, addresses and other identifiers You only advertise and market your own goods and services

Email *

We'll email you your result and, if necessary - let you know how to go about getting registered should you need.

What are your Feelings

Share This Article :

Updated on February 16, 2022

Which organisations must appoint a DPO (data protection officer) under the GDPR?Does my organisation need to register under the GDPR?