Do I need ICO for e-commerce? Your Guide to Data Handling

RODNAE Productions
ICO for e-commerce - two women looking at a laptop

You may not think it’s relevant to you, but you likely need to register ICO for e-commerce purposes. Almost every e-commerce business will handle data that requires annual registration with the regulatory body.

ICO registration may not be at the forefront of many e-commerce entrepreneurs minds but if you haven’t registered your business, you could be risking serious consequences.

More about our services.

What is ICO?

ICO stands for the Information Commissioner’s Office and is the data protection regulator for the UK.

Essentially, the ICO’s responsibility is to ensure that businesses in the UK are compliant with strict data protection rules. They investigate organisations that go against these principles and impose penalties where appropriate.

Do I need to be registered with ICO?

Yes! As part of the Data Protection Act, any entity that processes personal information will need to register with the ICO and pay a data protection fee. Of course, if you are exempt, you will not need to register.

Businesses of all shapes and sizes must register with the ICO, whether you’re a SME, sole trader or multi-national corporation.

Do small businesses need to pay ICO?

It is law in the UK for all businesses, including small entities to pay ICO and it’s important that you understand what it is and how it works. If you’re unsure whether or not you should be paying ICO, it’s important that you check.

You can register with the ICO and pay the data protection fee using

What is data protection?

Data protection regulations ensure that any collection or analysis of our personal data is done so safely and securely and only for purposes that we agree to. In 2018, GDPR was rolled out to give UK and EU citizens more control over their data and with it, came new data protection legislation.

Under GDPR, you must only use data for specified and legitimate purposes, keep files accurate and confidential, and must delete data that is no longer required.

You can read the full GDPR requirements here.


What are the benefits of ICO?

One of the main benefits of ICO’s is that it sends a strong message to those seeking to do business with you that you are aware of your data protection obligations and that you run your business with your customers’ best interests at heart.

After all, it’s important that your customers have peace of mind that their data is protected when they do business with you.

Do e-commerce businesses collect personal data?

If you’re an entrepreneur, you will need to register for ICO for e-commerce businesses that operate within the EU or the UK. Although you may not think of yourself as a data handler, personal data includes:

  • Names and shipping addresses of customers and possibly suppliers
  • Payment details such as card numbers
  • Email addresses for newsletter and abandon cart purposes
  • Location data and cookies

ICO for e-commerce - woman turning on VPN on her phone

How much does ICO registration cost?

If it’s the first time you’ve registered your e-commerce business for ICO, you will need to fill in a form that takes 10-15 minutes. You will need to provide payment details and business details, including turnover and staff members. Once you have completed the form, your business will be assigned a tier. This will determine the rate you pay.

Tiers range from a £40 annual payment up to a £2,900 annual payment but most e-commerce businesses will need to pay £40 or £60. If you set up your payment on direct debit, you receive a £5 annual discount, reducing the fee down potentially as low as £35.

Failure to register your e-commerce business can result in a fine, ranging from £400-£4,000.

How to stay GDPR compliant

It’s not enough just to register for ICO for e-commerce business owners; you need to treat your data accordingly! Here are some helpful tips to start you off:

  • Deactivate default opt-ins
  • Allow people to easily opt out of non-essential cookies on your site
  • Have a privacy policy on your site
  • Delete customer information once it is no longer required
  • Store all data securely on a GDPR-compliant system such as Dropbox or Google Drive

Next Steps

Managing your legal requirements can be challenging as an e-commerce entrepreneur. Whether it’s VAT in EU countries, ICO, or business registration, if you need some advice, our e-commerce accountants will be happy to help. Don’t risk fines and headaches down the road; get in touch today.

The best time to act is now.