The Information Commissioners Office (ICO) has responsibilities set out in the Data Protection Act 1998. The Act covers those processing personal information with provisions to ensure personal information:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.
Registration is compulsory for organisations inc sole traders, households with cctv, charities if processing personal information. There are few exemptions, eg a not-for-profit members organisation using information for member support (core business).
Take the self-assessment here to see if you must register
and here for small business Data Protection Self Assessment Toolkit