Register of data controllers

Last updated

The Register of data controllers was a United Kingdom database under the control of the UK Information Commissioner's Office mandated by section 19 of the Data Protection Act 1998. [1]

Contents

The Register of fee payers is the new name of an equivalent register under the Data Protection Act 2018, which implements the European Union's General Data Protection Regulation (GDPR).

Registration under both Acts carries a fee, the proceeds of which fund the UK Information Commissioner's Office. Any entry may be inspected by the public at any time at no cost to the enquirer. [2]

Data Protection Act 1998

Under the 1998 Act, the name of the data controller was recorded [3] with the purpose(s) for the processing of the data processed by that controller within the meaning of the Act. [2] [4] [5]

A data controller may, under some circumstances, be exempt from registration (previously termed notification). [6] When not exempt, [7] failure to notify the Information Commissioner's Office formally before the start of processing data was a strict liability offence for which a prosecution may be brought by the Information Commissioner's Office in the criminal court of the UK. [8] Failure to notify was a criminal offence unless exempt. Exemption from registration does not exempt a data controller from compliance with The Act.

Amendments to a data controller's notification could be made at any time, and must have been made before the start of a new processing purpose.

Data Protection Act 2018

Under the 2018 Act, the register is called the Register of fee payers, and the purposes for processing are nor supplied, though other trading names and the name of a Data Protection Officer may be given. [9] [10]

The enforcement of the Act by the Information Commissioner's Office is supported by a data protection charge on UK data controllers under the Data Protection (Charges and Information) Regulations 2018. Exemptions from the charge were left broadly the same as for 1998 Act: largely some businesses and non-profits internal core purposes (staff or members, marketing and accounting), household affairs, some public purposes, and non-automated processing. [11] [12] Under the 2018 Act, the enforcement regime for registration changed from criminal to civil monetary penalties. [13]

Related Research Articles

<span class="mw-page-title-main">Driver and Vehicle Licensing Agency</span> UK government department

The Driver and Vehicle Licensing Agency is the organisation of the UK government responsible for maintaining a database of drivers in Great Britain and a database of vehicles for the entire United Kingdom. Its counterpart for drivers in Northern Ireland is the Driver and Vehicle Agency (DVA). The agency issues driving licences, organises collection of vehicle excise duty and sells personalised registrations.

<span class="mw-page-title-main">Criminal record</span> Record of a persons criminal history

A criminal record is a record of a person's criminal convictions history. The information included in a criminal record and the existence of a criminal record varies between countries and even between jurisdictions within a country. In most cases it lists all non-expunged criminal offences and may also include traffic offences such as speeding and drunk driving. In most countries a criminal record is limited to unexpunged and unexpired actual convictions, while in some it can also include arrests, charges dismissed, charges pending and charges of which the individual has been acquitted. The term rap sheet refers to Record of Arrest and Prosecution, similar to a criminal record.

<span class="mw-page-title-main">Data Protection Act 1998</span> United Kingdom legislation

The Data Protection Act 1998 (DPA) was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.

<span class="mw-page-title-main">Information Commissioner's Office</span> Non-departmental public body

The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Science, Innovation and Technology. It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland. When they audit an organisation they use Symbiant's audit software.

<span class="mw-page-title-main">Freedom of Information Act 2000</span> Act of Parliament in the United Kingdom

The Freedom of Information Act 2000 is an Act of the Parliament of the United Kingdom that creates a public "right of access" to information held by public authorities. It is the implementation of freedom of information legislation in the United Kingdom on a national level. Its application is limited in Scotland to UK Government offices located in Scotland. The Act implements a manifesto commitment of the Labour Party in the 1997 general election, developed by David Clark as a 1997 White Paper. The final version of the Act was criticised by freedom of information campaigners as a diluted form of what had been proposed in the White Paper. The full provisions of the act came into force on 1 January 2005. The Act was the responsibility of the Lord Chancellor's Department. However, freedom of information policy is now the responsibility of the Cabinet Office. The Act led to the renaming of the Data Protection Commissioner, who is now known as the Information Commissioner. The Office of the Information Commissioner oversees the operation of the Act.

<span class="mw-page-title-main">Violent and Sex Offender Register</span> Database of sex offenders in the United Kingdom

In the United Kingdom, the Violent and Sex Offender Register (ViSOR) is a database of records of those required to register with the police under the Sexual Offences Act 2003, those jailed for more than 12 months for violent offences, and those thought to be at risk of offending. In response to a Freedom of Information request in 2009, for example, Greater Manchester Police reported that of 16 people in their area placed on ViSOR since 2007 on their initiative and not as a result of a relevant conviction, four (25%) had clean criminal records.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

Freedom of information (FOI) in the United Kingdom refers to members of the general public's right to access information held by public authorities. This right is covered in two parts:

  1. Public authorities must regularly publish updates and information regarding their activities, and
  2. Members of the public can make requests for information and updates regarding the activities of public authorities.

The Telephone Preference Service (TPS) is the United Kingdom's official do not call list. It allows businesses and individuals to opt out of unsolicited marketing calls.

A GPS tracking unit, geotracking unit, satellite tracking unit, or simply tracker is a navigation device normally on a vehicle, asset, person or animal that uses satellite navigation to determine its movement and determine its WGS84 UTM geographic position (geotracking) to determine its location. Satellite tracking devices may send special satellite signals that are processed by a receiver.

In England and Wales, a claims management company is a business that offers claims management services to the public. Claims management services consist of advice or services in respect of claims for compensation, restitution, repayment or any other remedy for loss or damage, or in respect of some other obligation. Claims management services cover litigation, or claims under regulation schemes or voluntary arrangements.

<span class="mw-page-title-main">Pesticide regulation in the United States</span>

Pesticide regulation in the United States is primarily a responsibility of the Environmental Protection Agency (EPA). In America, it was not till the 1950s that pesticides were regulated in terms of their safety. The Pesticides Control Amendment (PCA) of 1954 was the first time Congress passed guidance regarding the establishment of safe limits for pesticide residues on food. It authorized the Food and Drug Administration (FDA) to ban pesticides they determined to be unsafe if they were sprayed directly on food. The Food Additives Amendment, which included the Delaney Clause, prohibited the pesticide residues from any carcinogenic pesticides in processed food. In 1959, pesticides were required to be registered.

The National Industrial Chemicals Notification and Assessment Scheme (NICNAS) is the Australian government's regulatory body for industrial chemicals. NICNAS is designed to help protect workers, the public and the environment from the harmful effects of industrial chemicals. It does so by making risk assessment and safety information on chemicals widely available and providing recommendations for their safe use. NICNAS also informs importers and manufacturers of their legal responsibilities.

<span class="mw-page-title-main">Places of Worship Registration Act 1855</span> United Kingdom legislation

The Places of Worship Registration Act 1855 is an Act of the Parliament of the United Kingdom which governs the registration and legal recognition of places of worship. It applies only in England and Wales, and does not cover the Church of England which is exempt from the Act's requirements. Nor does it affect the Church in Wales, which remains part of the Anglican Communion although it is no longer the Established Church in Wales. Registration is not compulsory, but it gives certain financial advantages and is also required before a place of worship can be registered as a venue for marriages.

The Data Protection (Jersey) Law 2018 is an information privacy law in the Crown Dependency of the Bailiwick of Jersey, one of the Channel Islands. The latest version is 2018, updating the previous law from 2005 to mirror the General Data Protection Regulation (GDPR). It was adopted on 25 May 2018.

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

<span class="mw-page-title-main">Board of Audit and Inspection</span> Supreme audit institution of South Korea

The Board of Audit and Inspection is a national organization headquartered in Seoul, South Korea. Its primary function is the audit and inspection of the accounts of state and administrative bodies.

<span class="mw-page-title-main">Data Protection Act, 2012</span> Legislation enacted by the Parliament of the Republic of Ghana

The Data Protection Act, 2012 is legislation enacted by the Parliament of the Republic of Ghana to protect the privacy and personal data of individuals. It regulates the process personal information is acquired, kept, used or disclosed by data controllers and data processors by requiring compliance with certain data protection principles. Non compliance with provisions of the Act may attract either civil liability, or criminal sanctions, or both, depending on the nature of the infraction. The Act also establishes a Data Protection Commission, which is mandated to ensure compliance with its provisions, as well as maintain the Data Protection Register.

The National Pupil Database (NPD) is a database controlled by the Department for Education in England, based on multiple data collections from individuals age 2-21 in state funded education and higher education. Data are matched using pupil names, dates of birth and other personal and school characteristics, including special educational needs, disability, and indicators for free school meals, a child in care, and families in the armed forces. Personal details are linked to pupils' attainment and exam results over a lifetime school attendance.

<span class="mw-page-title-main">Data Protection Act 2018</span> United Kingdom legislation

The Data Protection Act 2018 is a United Kingdom Act of Parliament which updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

References

  1. UK Legislation, Data Protection Act 1998, section 19, accessed 15 January 2024
  2. 1 2 "Register of data controllers". UK Information Commissioner's Office . Retrieved 2015-07-16. We publish the name and address of these data controllers, as well as a description of the kind of processing they do.
  3. "Data Protection Act 1998 - Part 1, Basic Interpretive Provisions - Section 1". Office of Public Sector Information . Retrieved 2009-11-18. 'data controller' means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;
  4. "Register of Data Controllers". The Advertising Protection Agency. Archived from the original on 7 January 2011. Retrieved 22 March 2012. The ICO then publishes certain details from the registration data in the register of data controllers which is available to the public for inspection.
  5. "Notifying the Information Commissioner's Office about personal information". Business Link . Retrieved 22 March 2012. The Data Protection Act 1998 requires businesses to give details about the way they process personal information to the Information Commissioner's Office (ICO) for inclusion in a public register, unless they are exempt. This is called notification.
  6. "Register (notify) under the Data Protection Act". UK Information Commissioner's Office . Retrieved 2015-07-16. The Data Protection Act 1998 requires every data controller (eg organisation, sole trader) who is processing personal information to register with the ICO, unless they are exempt.
  7. "In brief – are there any exemptions from the Data Protection Act?". UK Information Commissioner's Office. Archived from the original on 16 July 2015. Retrieved 16 July 2015. ... there are some exemptions from the Act to accommodate special circumstances.
  8. "Register of Data Controllers - University of Strathclyde". University of Strathclyde . Retrieved 22 March 2012. Every organisation that processes, i.e. holds and uses, personal information must be registered with the UK Information Commissioner's Office (ICO), unless they are exempt. This registration is a statutory requirement under the Data Protection Act and failure to notify the ICO is a criminal offence.
  9. "Register of fee payers". Information Commissioner’s Office. Retrieved 1 May 2020.
  10. "Add a Data Protection Officer". Information Commissioner’s Office. Retrieved 1 May 2020.
  11. Review of exemptions from paying charges to the Information Commissioner's Office (PDF) (Report). Department for Digital, Culture, Media and Sport. November 2018. Retrieved 30 April 2020.
  12. "The Data Protection (Charges and Information) Regulations 2018 - Schedule Exempt Processing". legislation.gov.uk. Retrieved 30 April 2020.
  13. "ICO issues the first fines to organisations that have not paid the data protection fee". Information Commissioner’s Office. 28 November 2018. Retrieved 1 May 2020.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.