96:, and the purposes for processing are nor supplied, though other trading names and the name of a Data Protection Officer may be given. The distinction between data controllers and data processors remains in place. As of July 2024 the ICO reports that there are over one million registered fee payers.
103:
is supported by a data protection charge on UK data controllers under the Data
Protection (Charges and Information) Regulations 2018. Exemptions from the charge were left broadly the same as for 1998 Act: largely some businesses and non-profits internal core purposes (staff or members, marketing and
68:
The 1998 Act established a distinction between data controllers and data processors, to whom distinct legal and governance obligations applied: data controllers determined the purposes for which personal data was held or processed, whereas data process data on behalf of another data controller.
359:
Every organisation that processes, i.e. holds and uses, personal information must be registered with the UK Information
Commissioner's Office (ICO), unless they are exempt. This registration is a statutory requirement under the Data Protection Act and failure to notify the ICO is a criminal
80:
for which a prosecution may be brought by the
Information Commissioner's Office in the criminal court of the UK. Failure to notify was a criminal offence unless exempt. Exemption from registration does not exempt a data controller from compliance with The Act.
257:
The Data
Protection Act 1998 requires businesses to give details about the way they process personal information to the Information Commissioner's Office (ICO) for inclusion in a public register, unless they are exempt. This is called
198:'data controller' means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;
441:
104:
accounting), household affairs, some public purposes, and non-automated processing. Under the 2018 Act, the enforcement regime for registration changed from criminal to civil monetary penalties.
488:
270:
298:
The Data
Protection Act 1998 requires every data controller (eg organisation, sole trader) who is processing personal information to register with the ICO, unless they are exempt.
53:
Registration under either Act carries a fee, the proceeds of which fund the costs of the ICO. Any entry may be inspected by the public at any time at no cost to the enquirer.
533:
419:
210:
310:
151:
227:
The ICO then publishes certain details from the registration data in the register of data controllers which is available to the public for inspection.
84:
Amendments to a data controller's notification could be made at any time, and must have been made before the start of a new processing purpose.
314:
287:
155:
100:
28:
187:
538:
113:
47:
76:). When not exempt, failure to notify the Information Commissioner's Office formally before the start of processing data was a
65:
was recorded with the purpose(s) for the processing of the data processed by that controller within the meaning of the Act.
397:
239:
528:
171:
We publish the name and address of these data controllers, as well as a description of the kind of processing they do.
77:
214:
347:
43:
32:
318:
159:
512:
375:
271:
Data controllers and data processors: what the difference is and what the governance implications are
62:
343:
183:
466:
135:
72:
A data controller may, under some circumstances, be exempt from registration (previously termed
467:"The Data Protection (Charges and Information) Regulations 2018 - Schedule Exempt Processing"
489:"ICO issues the first fines to organisations that have not paid the data protection fee"
21:
522:
244:
442:
Review of exemptions from paying charges to the
Information Commissioner's Office
283:
331:... there are some exemptions from the Act to accommodate special circumstances.
184:"Data Protection Act 1998 - Part 1, Basic Interpretive Provisions - Section 1"
240:"Notifying the Information Commissioner's Office about personal information"
447:(Report). Department for Digital, Culture, Media and Sport. November 2018
24:
311:"In brief – are there any exemptions from the Data Protection Act?"
273:, published 2014, archived on 16 May 2015, accessed on 15 July 2024
114:
General Data
Protection Regulation#United Kingdom implementation
42:
is the name of an equivalent register established under the
344:"Register of Data Controllers - University of Strathclyde"
491:. Information Commissioner’s Office. 28 November 2018
515:, at which any entry may be inspected at no charge.
213:. The Advertising Protection Agency. Archived from
284:"Register (notify) under the Data Protection Act"
422:. Information Commissioner’s Office. 19 May 2023
370:
368:
92:Under the 2018 Act, the register is called the
8:
146:
144:
534:Government databases in the United Kingdom
46:, which implements the European Union's
420:"A guide to controllers and processors"
130:
128:
124:
7:
61:Under the 1998 Act, the name of the
31:(ICO) mandated by section 19 of the
400:. Information Commissioner’s Office
378:. Information Commissioner’s Office
269:Information Commissioner's Office,
188:Office of Public Sector Information
99:The enforcement of the Act by the
48:General Data Protection Regulation
14:
315:Information Commissioner's Office
288:Information Commissioner's Office
156:Information Commissioner's Office
101:Information Commissioner's Office
29:Information Commissioner's Office
398:"Add a Data Protection Officer"
211:"Register of Data Controllers"
152:"Register of data controllers"
1:
27:under the control of the UK
18:register of data controllers
555:
138:, accessed 15 January 2024
539:Law of the United Kingdom
348:University of Strathclyde
376:"Register of fee payers"
136:Data Protection Act 1998
88:Data Protection Act 2018
78:strict liability offence
57:Data Protection Act 1998
44:Data Protection Act 2018
33:Data Protection Act 1998
513:Register of fee payers
94:register of fee payers
40:register of fee payers
469:. legislation.gov.uk
529:Information privacy
217:on 7 January 2011
546:
501:
500:
498:
496:
485:
479:
478:
476:
474:
463:
457:
456:
454:
452:
446:
438:
432:
431:
429:
427:
416:
410:
409:
407:
405:
394:
388:
387:
385:
383:
372:
363:
362:
356:
354:
340:
334:
333:
328:
326:
317:. Archived from
307:
301:
300:
295:
294:
280:
274:
267:
261:
260:
254:
252:
236:
230:
229:
224:
222:
207:
201:
200:
195:
194:
180:
174:
173:
168:
167:
162:on 17 March 2015
158:. Archived from
148:
139:
134:UK Legislation,
132:
554:
553:
549:
548:
547:
545:
544:
543:
519:
518:
509:
504:
494:
492:
487:
486:
482:
472:
470:
465:
464:
460:
450:
448:
444:
440:
439:
435:
425:
423:
418:
417:
413:
403:
401:
396:
395:
391:
381:
379:
374:
373:
366:
352:
350:
342:
341:
337:
324:
322:
321:on 16 July 2015
309:
308:
304:
292:
290:
282:
281:
277:
268:
264:
250:
248:
238:
237:
233:
220:
218:
209:
208:
204:
192:
190:
182:
181:
177:
165:
163:
150:
149:
142:
133:
126:
122:
110:
90:
63:data controller
59:
12:
11:
5:
552:
550:
542:
541:
536:
531:
521:
520:
517:
516:
508:
507:External links
505:
503:
502:
480:
458:
433:
411:
389:
364:
335:
302:
275:
262:
231:
202:
175:
140:
123:
121:
118:
117:
116:
109:
106:
89:
86:
58:
55:
22:United Kingdom
13:
10:
9:
6:
4:
3:
2:
551:
540:
537:
535:
532:
530:
527:
526:
524:
514:
511:
510:
506:
490:
484:
481:
468:
462:
459:
443:
437:
434:
421:
415:
412:
399:
393:
390:
377:
371:
369:
365:
361:
349:
345:
339:
336:
332:
320:
316:
312:
306:
303:
299:
289:
285:
279:
276:
272:
266:
263:
259:
258:notification.
247:
246:
245:Business Link
241:
235:
232:
228:
216:
212:
206:
203:
199:
189:
185:
179:
176:
172:
161:
157:
153:
147:
145:
141:
137:
131:
129:
125:
119:
115:
112:
111:
107:
105:
102:
97:
95:
87:
85:
82:
79:
75:
70:
66:
64:
56:
54:
51:
49:
45:
41:
36:
34:
30:
26:
23:
19:
493:. Retrieved
483:
471:. Retrieved
461:
449:. Retrieved
436:
424:. Retrieved
414:
402:. Retrieved
392:
380:. Retrieved
358:
351:. Retrieved
338:
330:
323:. Retrieved
319:the original
305:
297:
291:. Retrieved
278:
265:
256:
249:. Retrieved
243:
234:
226:
219:. Retrieved
215:the original
205:
197:
191:. Retrieved
178:
170:
164:. Retrieved
160:the original
98:
93:
91:
83:
74:notification
73:
71:
67:
60:
52:
39:
37:
17:
15:
523:Categories
293:2015-07-16
193:2009-11-18
166:2015-07-16
120:References
473:30 April
451:30 April
360:offence.
353:22 March
251:22 March
221:22 March
108:See also
50:(GDPR).
25:database
426:15 July
325:16 July
20:was a
495:1 May
445:(PDF)
404:1 May
382:1 May
313:. UK
286:. UK
154:. UK
497:2020
475:2020
453:2020
428:2024
406:2020
384:2020
355:2012
327:2015
253:2012
223:2012
38:The
16:The
525::
367:^
357:.
346:.
329:.
296:.
255:.
242:.
225:.
196:.
186:.
169:.
143:^
127:^
35:.
499:.
477:.
455:.
430:.
408:.
386:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.