It is sometimes overlooked that organisations (data controllers) that use personal information about individuals should be registered under the Data Protection Act 1998 and there are legal obligations concerning the protection of personal information. Failure to notify the Information Commissioners Office (ICO) is a criminal offence.

As an example where organisations process personal information for the following purposes then registration will need to be made to ICO:

• Accountancy and auditing
• Legal services
• Education
• Provision of financial services and advice
• Consultancy and advisory services
• Health administration and provision of patient care
• See guide detailed below for further examples

There are possible exemptions for notifying ICO (that include not-for-profit organisations) but data controllers must comply with the provisions of the 1998 Act even if they are exempt from the Act .

There are a number of data protection principles that cover the regulations for personal information. These principles include the security, accuracy and length of time information is kept.

For smaller organisations the registration fee is £35. For organisations with turnover of £25.9M and 250 or more members of staff the fee is £500.

There is an online Self assessment guide - notification which will help you comply with the Data Protection Act. The guide will lead you through a series of questions to confirm if you should register and provides a checklist to assist you take the necessary precautions with personal information. The registration can be completed online New Registration - Data Protection Act - ICO. 

Please contact us for if you have any questions.