Ask RyanQuestion submission Date: September 2023

Full question:I’ve received letters from the ICO and the Pensions Regulator – do I legally have to do anything with these?

When running a company, you’re probably receiving quite a few letters – some from those selling their services, some official bodies with relevant and important information you need to act upon, but, some could unfortunately be posing as said official bodies.

Of course, for those using a registered office address service, you may be shielded from some of the spam and forwarded on only what’s deemed relevant.

There are two letters in particular for which we at Integro are often asked “is this real?” and “what do I need to do?”. These are from:

  1. Information Commissioner’s Office (ICO)
  2. The Pensions Regulator (TPR)

Both are real and official bodies, and these letters shouldn’t be ignored – failure to comply could land your business with a hefty fine or penalty. I’ll break down both to give you more of an idea of what to look out for, and what you need to do with them below.

Information Commissioner’s Office (ICO) Letters

The ICO is the UK’s independent regulator for data protection and freedom of information. They aim to ensure all UK registered businesses that are required to pay a data protection fee register with them and make their payment by the deadline set out in their letter.

How do I know if I should register with the ICO?

ICO state that “individuals and organisations that process personal data need to pay a data protection fee, unless they are exempt” – so it’s important to note, that this isn’t just applicable to limited companies – but any individual or business.

Whether you need to register depends on whether your company processes personal data. There is a wealth of information available on the ICO website which explains in detail the meaning of ‘personal data’. According to the ICO, ‘personal data’ has to be information that ‘relates to an individual’; and as such, establishing whether or not the information your company holds for clients and agencies etc relates to an individual will be key in establishing whether you need to register with the ICO and pay the fee.

On their page What is the meaning of ‘relates to’?, there are some good examples which may help, including a case involving a lawyer whereby the activities of the business had very quickly changed from ‘not processing personal data’ to ‘processing personal data’.

It is your responsibility to review of the information provided by the ICO, and establish whether you should answer ‘yes’ or ‘no’ to the question ‘Are you processing personal information’ in the ICO’s registration self-assessment form.

Whilst as Accountants, we cannot advise as to whether or not you need to register your company, we would always err on the side of caution – after all – paying the fee could give you peace of mind over any future use of data already held, but speaking with the ICO should clear up any questions you may have.

Beware of scams…

Whilst the ICO is absolutely real, they have warned of scams from fake companies requesting payment of a data protection fee, be that over email, letter or telephone. We’d advise that when making a payment to the ICO you only do this directly from their official website.

The Pensions Regulator (TPR) letters

TPR is the governing body and regulator for pensions in the UK, working with; and giving guidance to employers to ensure the safety of individual’s savings for their retirements via pension auto enrolment.

How do I know if this applies to me?

Every employer (anyone/ any business employing at least one person) has legal responsibilities. The Pensions Act 2008 stipulates that all UK employers put certain staff into and contribute towards a workplace pension scheme through a system called auto enrolment.

Furthermore, any company paying a salary to an employee needs to report to the TPR as to whether they are paying their employees pensions or not. But, where you don’t deem yourself to be an employer (perhaps you’re a sole director with no other staff, for example), you will still need to tell them, even if you believe you have no auto enrolment duties.

Where your business does have a pension scheme, typically, TPR will write to request the PAYE scheme details, stating when and how this is to be done by. An online submission is then required, using details enclosed in the letters/reminders sent.

TPR have a handy tool online, answer a few questions and they’ll advise on the next steps appropriate to you.

Can my accountant help with this?

The responsibility for meeting the legal requirements of auto enrolment lies with the employer (the Limited company), so it should not be assumed that this is something your accountant will take care of. That said, here at Integro we can assist with the submission, but only after receiving the reminder from the Pension Regulator, containing relevant information – we would not, as a matter of course submit anything automatically without prior conversation with our client and would advise that where in doubt, you should always speak to your accountant.

Ask Ryan

Thanks for reading my answer, I hope you found it useful.

Ryan Dempsey