Information Commissioner’s Office


The Information Commissioner’s Office (ICO) is the UK’s independent regulator responsible for upholding information rights in the public interest. It promotes openness by public bodies and protects individual privacy rights. The ICO is an executive non-departmental public body sponsored by the Department for Science, Innovation, and Technology (DSIT).

The Data Protection Register

The ICO maintains the Data Protection Register, which lists organisations and individuals that process personal data as defined under the Data Protection Act 2018. Registration is a legal requirement for organisations that handle personal data, ranging from small businesses to large corporations. As of 2024, there are over 900,000 registered organisations.

Registration Fees

Under the Data Protection (Charges and Information) Regulations 2018, organisations must pay an annual fee to the ICO unless they qualify for an exemption. The fees are categorised into three tiers:

  1. Tier 1 – Micro Organisations:
    • Turnover: ≤ £632,000 or ≤ 10 staff members.
    • Fee: £40 per year.
  2. Tier 2 – Small and Medium Organisations:
    • Turnover: ≤ £36 million or ≤ 250 staff members.
    • Fee: £60 per year.
  3. Tier 3 – Large Organisations:
    • Organisations not meeting the criteria for Tiers 1 or 2.
    • Fee: £2,900 per year.

The Data Protection Register includes details such as the registration number, organisation name, registration dates, payment tier, and the data controller’s contact information.

Exemptions

Certain organisations are exempt from paying the fee or qualify for reduced rates:

  • Public Authorities: Categorised by staff size only, excluding turnover.
  • Charities: Always liable for the Tier 1 fee, regardless of size or turnover.
  • Small Occupational Pension Schemes: Liable for the Tier 1 fee.

Enforcement and Legislation

The ICO enforces compliance with key information rights laws, including:

  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations
  • Freedom of Information Act
  • General Data Protection Regulation (UK GDPR)
  • Environmental Information Regulations

The ICO can issue warnings, fines, or prosecute organisations failing to meet their obligations. Recent fines have targeted organisations for breaches such as data mishandling, unsolicited marketing, and non-compliance with information requests.

Post-Brexit Updates

Following Brexit, the UK’s data protection framework is governed by the UK GDPR, aligning with the Data Protection Act 2018. Future updates, including changes to international data transfers, will be announced via the ICO’s website.

