Are you an online search engine, online marketplace or cloud computing service?
If not, you can ignore this. If you are, read on...
Remember, remember the 1st of November;
We see no reason
Why ICO registration,
Should ever be forgot.
The 10th of May 2018 big bang. Did you miss it?
It was the day Statutory Instrument 506 became law: The Network and Information Systems Regulations 2018 was passed by Parliament.
You will have heard, no doubt, of the GDPR, the General Data Protection Regulation, which should, if it is applied correctly, give us back control over our data. You are less likely to have heard of the NIS. NIS? NIS is the EU directive on the security of Networks and Information Systems, which was to be enshrined in member state law by May 2018.
The NIS will help make sure UK operators in electricity, transport, water, energy, health and digital infrastructure are prepared to deal with the increasing numbers of cyber threats. The regulations also cover other threats affecting IT, such as power failures, hardware failures and environmental hazards.
Does it apply to me? It does if you're a Relevant Digital Service Provider.
Relevant Digital Service Providers are organisations which provide specific types of digital services: online search engines, online marketplaces and cloud computing services. To be a Relevant Digital Service Provider, you must provide one or more of these services, have your head office in the UK (or have nominated a UK representative) and be a medium-sized enterprise.
There is a general small business exemption for digital services; if you have fewer than 50 staff and a turnover of less than €10 million then you are not a Relevant Digital Service Provider, and NIS does not apply. However, if you are part of a larger group, you may need to include the staff and turnover size of the group when assessing whether the small business exemption applies.
Take the ICO's self-assessment test:
Q) How do I know if I'm a 'relevant' Digital Service Provider?
A) The answer will be yes to each of the following questions:
· You provide a digital service in the UK (online search engines, online marketplaces and cloud computing services)
· Your head office is in the UK
· You have a UK representative in the UK
· You are not a micro or small enterprise
What next?
OK, so you've answered yes to them all, what next? You need to register with the ICO. You can do this by emailing dataprotectionfee@ico.org.uk with the subject line 'RDSP registration details' and the following details in the body of your email:
· the name of your organisation;
· the name of your service;
· the address of your head office, or that of your nominated representative; and
· up-to-date contact details, including the name of a nominated individual whom the ICO can contact about NIS-related matters if they need to, their email address and their telephone number.
Further information:
https://www.legislation.gov.uk/uksi/2018/506/made
https://ico.org.uk/for-organisations/the-guide-to-nis
https://www.gov.uk/government/collections/nis-directive-and-nis-regulations-2018
https://www.ncsc.gov.uk/guidance/introduction-nis-directive