In today’s ever evolving digital marketplace, e-commerce businesses handle vast amounts of personal data, from customer names and addresses right through to payment details and browsing behaviour.
Understanding your obligations regarding data protection is not just about legal compliance – it’s about building trust with your customers and safeguarding your business reputation. One crucial aspect of this is knowing whether you need to register with the UK’s Information Commissioner’s Office (ICO).
You may not think it’s relevant to you, but if you are a business owner or sole trader, you likely need to register ICO for e-commerce purposes. Almost every e-commerce business will handle data that requires annual registration with the regulatory body.
ICO registration may not be at the forefront of many e-commerce entrepreneurs minds but if you haven’t registered your business, you could be risking serious consequences.
Get A Free Quote
Breakout E-commerce accountants and Xero specialists to supercharge your UK online business growth.
In this blog, we look at ICO, what it is, why you need to be registered, and the costs associated with ICO registration.
What is ICO?
ICO stands for the Information Commissioner’s Office and is the data protection regulator for the UK.
Essentially, the ICO’s responsibility is to ensure that businesses in the UK are compliant with strict data protection and GDPR (General Data Protection Regulation) rules. They investigate organisations that go against these principles and impose penalties where appropriate.
Do I need to be registered with ICO?
Yes! As part of the Data Protection Act, any entity that processes personal information will need to register with the ICO and pay a data protection fee. Of course, if you are exempt, you will not need to register.
Businesses of all shapes and sizes must register with the ICO, whether you’re a SME, sole trader or multi-national corporation. A self-assessment portal is available for any businesses who aren’t sure if they are required to register.
For example, you will likely need to register if your e-commerce business:
- Collects and stores customer details for processing orders.
- Uses customer data for marketing purposes (e.g., email newsletters, targeted ads).
- Tracks website visitors using cookies or similar technologies (as these can often identify individuals).
- Processes payment information electronically.
- Keeps records of customer interactions or purchase history.
However, there are some exemptions.
For example, you might be exempt if you only process personal data for core business purposes that are strictly necessary, such as:
- Staff administration (if you have employees).
- Payroll.
- Accounts and records.
Do small businesses need to pay ICO?
It is law in the UK for all businesses, including small entities to pay ICO and it’s important that you understand what it is and how it works. If you’re unsure whether or not you should be paying ICO, it’s important that you check. Failing to register with the ICO (if applicable to your business) is a criminal offence, and registering can help you to ensure your business remains GDPR compliant, avoiding fines that can range from £400 to £4,000.
You can register with the ICO and pay the data protection fee using Gov.uk.
What is data protection?
Data protection regulations ensure that any collection or analysis of our personal data is done so safely and securely and only for purposes that we agree to. In 2018, GDPR was rolled out to give UK and EU citizens more control over their data and with it, came new data protection legislation.
Under GDPR, you must only use data for specified and legitimate purposes, keep files accurate and confidential, and must delete data that is no longer required.
While there are some exemptions to GDPR and data protection, these are often determined on a case-by-case basis and are often within areas such as domestic purposes, law enforcement or intelligence services processing.
You can read the full GDPR requirements here.
What are the benefits of ICO?
One of the main benefits of ICO’s is that it sends a strong message to those seeking to do business with you that you are aware of your data protection obligations and that you run your business with your customers’ best interests at heart.
After all, it’s important that your customers have peace of mind that their data is protected when they do business with you.
Do e-commerce businesses collect personal data?
If you’re an entrepreneur, you will need to register for ICO for e-commerce businesses that operate within the EU or the UK. Although you may not think of yourself as a data handler, personal data includes:
How much does ICO registration cost?
If it’s the first time you’ve registered your e-commerce business for ICO, you will need to fill in a form that takes 10-15 minutes. You will need to provide payment details and business details, including turnover and staff members. Once you have completed the form, your business will be assigned a tier. This will determine the rate you pay.
Tiers range from a £40 annual payment up to a £2,900 annual payment but most e-commerce businesses will need to pay £40 or £60. If you set up your payment on direct debit, you receive a £5 annual discount, reducing the fee down potentially as low as £35.
Failure to register your e-commerce business can result in a fine, ranging from £400-£4,000.
How to stay GDPR compliant
It’s not enough just to register for ICO for e-commerce business owners; you need to treat your data accordingly! Here are some helpful tips to start you off:
- Deactivate default opt-ins
- Allow people to easily opt out of non-essential cookies on your site
- Have a privacy policy on your site
- Delete customer information once it is no longer required
- Store all data securely on a GDPR-compliant system such as Dropbox or Google Drive
What are the Different Fee Tiers for ICO Registration in 2025?
As of February 2025, the ICO data protection fees have been updated. The tier your business falls into depends on its size and turnover:
Tier 1 – (Micro Organisations): £52 per year (or £47 if you pay by direct debit). This applies if you have a maximum turnover of £632,000 or fewer than 10 staff members.
Tier 2 – (Small and Medium-Sized Organisations): £78 per year (or £73 if you pay by direct debit). This applies if you have a turnover of less than £36 million or fewer than 250 staff members.
Tier 3 – (Large Organisations): £3,763 per year (or £3,758 if you pay by direct debit). This applies if you have a turnover of £36 million or more, or 250+ staff.
Next Steps
Managing your legal requirements can be challenging as an e-commerce entrepreneur. Whether it’s VAT in EU countries, ICO, or business registration, if you need some advice, our e-commerce accountants will be happy to help. Don’t risk fines and headaches down the road; get in touch today.
The best time to act is now.
hello@unicornaccounting.co.uk
Related Articles:
https://unicornaccounting.co.uk/blog/practical-ai-strategies-for-effective-ecommerce-management/
https://unicornaccounting.co.uk/blog/how-to-master-data-driven-decision-making/
Get A Free Quote
Breakout E-commerce accountants and Xero specialists to supercharge your UK online business growth.