Register of data controllers
The Register of data controllers is a United Kingdom database under the control of the UK Information Commissioner's Office mandated by the UK Data Protection Act 1998[1] (The Act) which records the name of the data controller[2] and the purpose(s) for the processing of the data processed by that controller within the meaning of The Act.[3][4][5]
Under The Act a data controller may, under some circumstances, be exempt from registration (previously termed notification).[6] When not exempt,[7] failure to notify the Information Commissioner's Office formally before the start of processing data is a strict liability offence for which a prosecution may be brought by the Information Commissioner's Office in the criminal court of the UK.[8] Failure to notify is a criminal offence unless exempt. Exemption from registration does not exempt a data controller from compliance with The Act.
Amendments to a data controller's notification may be made at any time, and must be made before the start of a new processing purpose.
Registration carries a fee, the proceeds of which fund the UK Information Commissioner's Office directly.
Any entry may be inspected at any time at no cost to the enquirer.[3]
References
- ↑ "Data Protection Act 1998". Office of Public Sector Information. Retrieved 2009-11-18.
- ↑ "Data Protection Act 1998 - Part 1, Basic Interpretive Provisions - Section 1". Office of Public Sector Information. Retrieved 2009-11-18.
'data controller' means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;
- 1 2 "Register of data controllers". UK Information Commissioner's Office. Retrieved 2015-07-16.
We publish the name and address of these data controllers, as well as a description of the kind of processing they do.
- ↑ "Register of Data Controllers". The Advertising Protection Agency. Retrieved 22 March 2012.
The ICO then publishes certain details from the registration data in the register of data controllers which is available to the public for inspection.
- ↑ "Notifying the Information Commissioner's Office about personal information". Business Link. Retrieved 22 March 2012.
The Data Protection Act 1998 requires businesses to give details about the way they process personal information to the Information Commissioner's Office (ICO) for inclusion in a public register, unless they are exempt. This is called notification.
- ↑ "Register (notify) under the Data Protection Act". UK Information Commissioner's Office. Retrieved 2015-07-16.
The Data Protection Act 1998 requires every data controller (eg organisation, sole trader) who is processing personal information to register with the ICO, unless they are exempt.
- ↑ "In brief – are there any exemptions from the Data Protection Act?". UK Information Commissioner's Office. Retrieved 2015-07-16.
... there are some exemptions from the Act to accommodate special circumstances.
- ↑ "Register of Data Controllers - University of Strathclyde". University of Strathclyde. Retrieved 22 March 2012.
Every organisation that processes, i.e. holds and uses, personal information must be registered with the UK Information Commissioner's Office (ICO), unless they are exempt. This registration is a statutory requirement under the Data Protection Act and failure to notify the ICO is a criminal offence.
External links
- The Register of data controllers, at which any entry may be inspected at no charge.