Insights

Information Commissioners Office (ICO) Data Protection Register

Clifford McDowell

The Data Protection Register as managed by the Information Commissioners Office (ICO) lists all organisations and individuals who recognise that they handle personal data as defined under the Data Protection Act 2018. There are currently more than 700k registrants listed.

With the UK due to leave the European Union there may be changes to the current regulations. As the changes occur the ICO will announce these via their Data protection and Brexit page.

The ICO is responsible for the maintenance of the Data Protection Register which includes details on the organisations and individuals that handle personal data. All companies and organisations handling or processing personal data need to be registered. This ranges from local dentists to large credit reference agencies.

The Data Protection (Charges and Information) Regulations 2018 requires every organisation that processes personal information to pay a fee to the Information Commissioner’s Office (ICO) unless they are exempt (see below). Failure to do so will result in a fixed penalty (See ICO Notifications).

There are currently three tiers available when registering to the Data Protection Register.

Tier 1 – Micro organisations: These have a maximum turnover of £632,000 in their last financial year or no more than10 members of staff. The fee for tier 1 is £40 per year.

Tier 2 – Small to Medium organisations: These have a maximum turnover of £36 million in their last financial year or no more than 250 members of staff. The fee for tier 2is £60 per year.

Tier 3 – Large organisations: Any organisation not meeting the criteria for tier 1 or tier 2 have to pay the tier 3 fee of £2,900 per year.

The Data Protection Register includes information on:

  • Registration Number
  • Organisation name (Inc trading names where relevant)
  • Start and Expiry date of registration
  • Payment Tier
  • Contact details for the Data Controller

Exemptions to the Data Protection register

The 2018 Regulations make certain exceptions for some controllers.

  • Public authorities should categorise themselves according to staff numbers only. They do not need to take turnover into account.
  • Charities that are not otherwise subject to an exemption will only be liable to pay the tier 1 fee, regardless of size or turnover.
  • Small occupational pension schemes that are not otherwise subject to an exemption will only be liable to pay the tier 1 fee, regardless of size or turnover.

Information Commissioners Office Enforcements in the news:

Brit housing association blabs 3,500 folks’ sexual orientation, ethnicity in email blunder – Source: The Register
ICO issued fines to 340 organisations for not paying data protection feeSource: teiss
The Data Protection Fee: do landlords and letting agents need to pay?Source: National Landlords Association

How to gain access to the Data Protection Register:

All companies listed in the Data Protection Register in Doorda are mapped to company numbers to ensure seamless integration with the other datasets available in DoordaBiz. These can be accessed via DoordaHost or our API. To see the data in action take a look at explore our data.