Does an author need to register with the ICO?

Published by Jonathan Ford on

Earning money as an author – whether as a sole trader or through a limited company – means you have to comply with the same rules that any business needs to follow.
The Information Commissioner’s Office (ICO) is the independent organisation responsible for protecting data privacy for individuals.
Every small business is required to register unless exempt. There is an initial registration and an annual registration fee of £40 payable for small businesses.

The ICO are currently sending out lots of reminders to small businesses and there are large fines for not complying with the rules.

Here’s what you need to do.

Decide if you’re exempt

Firstly, you need to decide whether you’re exempt or not. You can do that using the self assessment tool here.

We would expect most authors to have answers that look like this – and this would make them exempt.

There is a sting in the tail though. Question 7 is a list of ‘purposes’ that you may be processing information for. If you answer ‘journalism and media’ or ‘research’ then you are prompted to register. We think some of our clients would fall into those categories.
If you answer ‘ none of the above’ then you are informed you’re exempt. You can notify the ICO that you’re exempt here.

Protective registration

The penalties for failing to register when you should are eye wateringly huge so many businesses on the borderline choose to register as a protective measure. You can register here. It takes about 10 -15 minutes.
Our advice would be to register as a protective measure.

Good practices

Whether or not you’re registered the ICO you are expected to follow good practices to protect personal data and to report breaches. The ICO have some tips here.

Think about what personal data you have, why you need it and what steps you can take to protect it.

If you lost your phone, tablet or laptop could you remotely wipe it? Is data encrypted and password protected?

If you’re storing information in the cloud have you used a secure password that isn’t reused elsewhere? Consider using a password app like Dashlane or the three random words method eg teapotspanieltwig (ok – not entirely random as that’s what I’m looking at right now). Also try to use two factor authentication methods when they’re available. This is where you get sent a text or use an app to generate a code. This additional layer of security is really important as it adds something you have to have (your phone) to something you have to know (your password).


Unfortunately there are quite a few scammers out there who will look to part you from your money. Some of these are deceiving rather than criminal. For example, you can find yourself on a website that appears to be very official. You answer their questions and the company registers you with the ICO – and charges you a fat fee for the privilege. Other companies send letters suggesting you need to be registered with them – and charge you for being on their meaningless register. If in doubt feel free to ask us for help.


One of our client’s emailed us with the following information. You will obviously have to make your own assessment as to whether you need to register.

“Just FYI if anyone else queries this, I’ve been speaking to someone helpful at ICO. I went online to pay the fee, but had to ring when there was no option for writing/author (or anything remotely similar) etc on the drop down menu. I was told that an author wouldn’t need to register as things like keeping social media addresses/newsletter etc don’t count so have been registered as exempt.”