Data Protection Registration – What’s the Point?
The Data Protection Act imposes a duty on every organisation that processes personal data to register with the Information Commissioner unless they are exempt. Failure to do so is a criminal offence and could lead to a fine of up to £5000 in a magistrates’ court or an unlimited fine in the Crown Court.
A recent case has demonstrated that the ICO is getting more proactive in prosecuting those who fail to notify. In early October 2014 the sole director of a limited company was fined £150 and ordered to pay over £1000 prosecution costs and a £20 victim’s surcharge. In addition, the company itself was fined £500 and ordered to pay over £1000 prosecution costs and a victim’s surcharge of £50.
The ICO have stated that failure to register shows that the organisation “holds a clear disregard for looking after and protecting the personal information of their customers”.
So, how do you register?
The process is quite simple and can be dealt with mostly online via the Information Commissioner’s website:
If you are not clear about whether you need to register, use the self-assessment tool, which will give you a decision based upon your answers to 8 straightforward questions. The fee for registration in most cases is £35 per year unless you have a turnover of £25.9 million and more than 249 members of staff or you are a public authority with more than 249 members of staff. If the exceptions apply then the fee will be £500 per year – still modest compared to the possible fines and costs if you are prosecuted for non-compliance.