The Data Protection Act 1998 requires every data controller who is processing personal information in an automated form to notify, unless they are exempt. Failure to notify is a criminal offence. Register entries have to be renewed annually. If you are required to notify but don’t renew your registration, you are committing a criminal offence.
What are the exemptions from notification?
Most organisations that process personal data must notify the ICO. However, there are some exemptions.
By working through question 1-9 of the online self-assessment or by downloading the Notification exemptions – self-assessment guide you will be able to determine whether you need to notify.
Data controllers who are exempt from notification must comply with the other provisions of the Act, and may choose to notify voluntarily.
We have produced specific guidance on notification for some data controllers:
‘Not-for-profit’ organisations
Barristers’ chambers
Pension trust schemes