Menu
Data protection – ICO mailing campaign
Compliance

One of our clients recently asked this ‘easy’ question.

 

 

“We are a limited company but the firm is 100% owned by a holding company.  We have received a letter from the ICO asking us to register the holding company.

Does the holding company need to register – it will not be controlling or processing data?”

While the question is undoubtedly easy, the answer is not so straightforward!

Whether the holding company needs to be registered or not depends entirely on whether they process personal information.

‘Processing’ means doing any of the following with the information:

  • obtaining it;
  • recording it;
  • storing it;
  • updating it; and
  • sharing it

‘Personal information’ means any detail about a living individual that can be used on its own, or with other data, to identify them. So, in order to identify whether the firm needs to register, first it is necessary for the firm  to assess whether it is in fact undertaking any of the processing actions listed above. If not then the holding company does not need to be registered but would certainly need to inform the ICO that they do not intend to register and on what grounds.

Why is the ICO writing to firms?

This all stems from a mass mailing exercise that the ICO embarked upon in December 2019. You can read about it here.

This page includes a link to a ‘form’ that enables companies to advise why they believe they are exempt. The exemptions are listed in the Data Protection Act 2018 schedule.

In the case of a holding company, clause 2f is the most likely candidate for justifying an exemption:

“subject to sub-paragraph (4), for the purposes of—

(i)keeping accounts, or records of purchases, sales or other transactions

(ii)deciding whether to accept any person as a customer or supplier, or

(iii)making financial or financial management forecasts, in relation to any activity carried on by the data controller”

The problem is that the ICO’s page says “if you hold personal information for business purposes on any electronic device…it is likely an annual fee payment is due”. It is not clear what this is based upon as it could be argued that it effectively negates many of the exemptions.

Action required

So the firm has two options:

  • either inform the ICO that they are claiming exemption or
  • pay the fee and be done with it

Many firms in a similar position might well decide to simply register and pay the fee. This could be a pragmatic and sensible response as failure to pay the fee in circumstances where no exemption applies can lead to a penalty of up to £4350.

Don’t forget to check Our View about this article and the Actions Required By You

arrow-top-right

Important Note: ATEB news is intended to provide general information ONLY. The content, including any views expressed or guidance provided, does not replace the need to comply fully with FCA Rules and Guidance. Unless you have discussed news article content with ATEB, and specifically how it relates to your circumstances, then ATEB disclaims all liability and responsibility and actions arising from any reliance placed upon it. For the avoidance of doubt therefore, any reliance you place on such information without our consultation is at your own risk.

ATEB Compliance offers compliance and regulatory advice.

ATEB Suitability provides report writing software for the financial services market.

Our View

For information.

Action Required By You

For information.
SUIT - Beautiful Reports
CREATE BEAUTIFUL
SUITABILITY
REPORTS
TRY IT FOR FREE
SUIT - Complete Control
TAKE BACK
CONTROL OF YOUR
SUITABILITY REPORT
PRODUCTION
TRY IT FOR FREE
SUIT - Comp confidence
SUITABILITY
REPORTS
WITH FULL
COMPLIANCE
CONFIDENCE
TRY IT FOR FREE
previous arrow
next arrow

About the Author

Shirley McKenzie

Shirley has a wealth of industry experience and proven track record of working closely with firms to deliver high quality compliance and T&C solutions across a wide range of regulatory disciplines.

Contact Us

20182019Data Protection ActPIprotectionrecordingRegister
Compliance

Brought to you by

Explore more articles in this category

Other articles that you might be interested in

news-item2

ATEB Compliance is now Thistle Initiatives

Compliance ,

Our new website is: www.thistleinitiatives.co.uk and you can keep up to date with all of our usual regulatory and company updates here.

Read More
Accuracy afternoon alarm clock analogue

Doesn’t time fly?

Compliance , , ,

Yes, believe it or not, as this article lands in your inbox it’s six months since Consumer Duty went live.   Time really does fly when you’re having fun (what do you mean, this isn’t fun?) and in another six months from now the second phase of CD, covering closed products, comes into effect. More […]

Read More
251A5884-HEPTINSTALL-2

A happy retirement

Compliance ,

Not, as you may think, an article about problems related to PP switching (watch this space though), but a brief note to wish one of our own all the best for his retirement. After eight years with ATEB, 31 January sees Alistair MacDougall hanging up his financial services boots. Those readers who have been receiving […]

Read More
iStock-1459005346 [Converted]

New Content Integration with Evelyn Partners

Suitability , , , , ,

We have some exciting news on the latest upgrade to ATEB Suitability on 19th January 2024. This update comes at no additional cost and provides a new addition to our content integration library. We have partnered with Evelyn Partners to provide our customer firms with access to the following: A description of their service A description for […]

Read More
Fair

Reviews. What do yours look like?

Compliance , , , , , , , ,

Review. It’s a simple word, but depending upon who you speak to, it can have several meanings.   There are several definitions of the word ‘review’. In verb form, the Cambridge Dictionary cites review as: to think or talk about something again, in order to make changes to it or to make a decision about […]

Read More
Load More