How to register with the Information Commissioner as a Data Contoller
The Data Protection Act 1998 requires every data controller who is processing personal data to 'notify', unless they are exempt. Notification is for one year and needs to be renewed annually. Unless your business has a turnover in excess of £25.9M and you emply 250 or more members of staff, the annual registration fee is currently £35.
Failure to notify is a criminal offence. See the Information Commissioner’s notification web page
for more information, or call the notification help line on 01625 545745.
You may be exempt if you only process personal information for core business purposes such as your own marketing, staff administration, or invoicing. The Information Commissioner’s website provides an online self-assessment
or a downloadable self-assessment guide
to help you determine whether notification is required.
More information about the Data Protection Act
Guidance on how to comply with the Data Protection Act
from the British Standards Institute, including a data protection pocket guide and an online self-assessment tool.
Full details of the Data Protection Act and the Information Commissioner’s role
can be found on the Information Commissioner’s website
Data Protection Good Practice Notes from the Information Commissioner's office:
A quick 'how to comply' checklist
(opens a pdf file)
Data protection training checklist for small and medium sized organisations
(opens a pdf file
Responding to subject access requests