How to register with the Information Commissioner as a Data Contoller
The Data Protection Act 1998 requires every data controller who is processing personal data to 'notify', unless they are exempt. Notification is for one year and needs to be renewed annually. Unless your business has a turnover in excess of £25.9M and you emply 250 or more members of staff, the annual registration fee is currently £35.
Failure to notify is a criminal offence. See the
Information Commissioner’s notification web page for more information, or call the notification help line on 01625 545745.
You may be exempt if you only process personal information for core business purposes such as your own marketing, staff administration, or invoicing. The Information Commissioner’s website provides an
online self-assessment or a
downloadable self-assessment guide to help you determine whether notification is required.
More information about the Data Protection Act
Guidance on how to comply with the Data Protection Act from the British Standards Institute, including a data protection pocket guide and an online self-assessment tool.
Full details of the
Data Protection Act and the Information Commissioner’s role can be found on the Information Commissioner’s website
Data Protection Good Practice Notes from the Information Commissioner's office:
A quick '
how to comply' checklist (opens a pdf file)
Data protection
training checklist for small and medium sized organisations (opens a pdf file
Responding to subject access requests