The ICO exists to empower you through information.

What is SME Data Essentials?

The SME Data Essentials programme provides important information on how you must keep people’s personal information safe and use it responsibly.

The programme is a pilot and is free to a group of small- and medium-sized businesses.

Why is it important?

Your business has a legal obligation to comply with data protection laws. These are the rules for processing personal information.

Participation in the SME Data Essentials programme will:

  • help you to meet the rules;
  • show your commitment to protecting people’s personal information;
  • provide you with the reassurance that you have some basic key requirements in place; and
  • support you to build beyond basic requirements.

Will completing the programme mean the ICO endorses my business?

No. Taking part in SME Data Essentials must not be seen as confirmation or endorsement by the ICO of your compliance with data protection laws.

You’re still responsible for complying with your data protection obligations.

If you’re unsure whether you’re doing something right or not, you can contact us. We’re here to help. You should also think carefully about whether you need to get independent legal advice.

What does it involve?

By participating in the SME Data Essentials programme, your business agrees to:

  1. Complete online learning modules. Approximately 11 modules, duration approx. 15 minutes each.
  2. Complete self-assessment exercises. This must be done as accurately as possible, and you must address any gaps identified.
  3. [If necessary] Re-take self-assessments, to confirm all questions can be answered affirmatively.
  4. [If selected] Accept an invitation to a free online advisory check-up. This is a one-to-one session with an ICO representative to provide advice on your current data practices.
  5. Complete periodic surveys. The ICO needs to assess what works well and make improvements to the programme.

Who can participate?

To sign up to SME Data Essentials, your business must:

  • be on the public register of data protection fee payers or meet an exemption criterion; and
  • have fewer than 250 members of staff.

Who cannot participate?

The programme is not suitable for businesses that:

  • employ a Data Protection Officer;
  • are data protection consultants or similar specialists;
  • are a data-centric business eg a data broker;
  • use systematic and extensive profiling which has significant effects on people eg using personal data to target children or vulnerable people and send them marketing information;
  • process special category or criminal offence data on a large scale eg a general hospital keeping lots of medical records;
  • systematically monitor publicly accessible places on a large scale eg CCTV being used to monitor a city centre.

Can I share the SME Data Essentials material?

This trial will grant participants access to ICO content and materials which are not publicly available.

Existing rules about any ICO logos, branding or other intellectual property rights remain the same. You can’t use the SME Data Essentials materials on your website, or anywhere else, unless an authorised ICO representative grants you this right in writing.

What happens afterwards?

On completion of the SME Data Essentials programme, the ICO will keep your business informed of future developments in this area and provide priority approval to future phases.

Who do I contact with a query?

If you have any questions about SME Data Essentials, please contact us.