Font Size

Notification Under the Data Protection Act 1988


Lawdit Solicitors - Expert Author

Legal Articles
Submit Articles   Back to Articles

10 October 2009

Notification is a statutory requirement and every organisation that processes personal information must notify the Information Commissioner's Office (ICO), unless they are exempt. Failure to notify is a criminal offence.

Notification is the process by which a data controller gives the ICO details about their processing of personal information. The ICO publishes certain details in the register of data controllers , which is available to the public for inspection.

There is a two-tiered notification fee. The two-tiered structure is based on an organisation's size and turnover. A data controller will need to assess which tier they fall in and hence the fee they are required to pay.

The fee for tier 1 is &pound35 and the fee for tier 2 is &pound500. The ICO do not send invoices but will acknowledge receipt of payment if requested. The period of notification is one year, after which time you will need to renew your notification.

If you are a limited company, you must provide your registered office address, and in all other cases, you must provide the address of your principal place of business. If there is no place of business (eg for a small local voluntary body), you should provide the address of the official who has completed the form.

Only one notification is required per legal entity. This will cover any number of different branches or addresses where the data is processed.

Some further considerations under the Data Protection Act 1988

The Act will usually apply to a business or organisation unless you are an individual holding personal information for your own domestic use for example an address book.

If you are required to comply with the Act, you have a number of legal responsibilities:

to notify the Information Commissioner you are processing information, unless you are an organisation who has personal information only for:

staff administration (including payroll);

advertising, marketing and public relations for your own business; or

accounts and records (some not for profit organisations)

to process the personal information in accordance with the eight principles of the Act; and

to answer subject access requests received from individuals.

Where the information held on a laptop or other portable device could be used to cause an individual damage or distress, in particular where it contains financial or medical information, they should be encrypted. The level of protection provided by the encryption should be reviewed and updated periodically to ensure that it is sufficient if the device was lost or stolen, you may need to seek specialist technical advice. In addition to technical security, organisations must have policies on the appropriate use and security of portable devices and ensure their staff are properly trained in these. If it is brought to the Commissioner's attention that laptops that have been lost or stolen have not been protected with suitable encryption he will consider using his enforcement powers.

The Data Protection Act covers computer records and some manual records. Most computer records can easily be found about a particular person and should be disclosed removing any third party information. Manual records need to be in a relevant filing system. The files which form part of the relevant filing system are structured or referenced in such a way that information about the applicant can be easily located. Where manual files fall within the definition of a relevant filing system, the content will either be sub-divided, which allows the searcher to go straight to the correct category and retrieve the information requested without a manual search, or will be indexed to allow the searcher to go directly to a relevant page.

Jane Coyle is a trainee solicitor at Lawdit and can be contacted at

About the Author

Lawdit Solicitors offer services and advice for litigation, commercial contracts, Intellectual Property and IT legal agreements. We are experts in commercial law with a heavy emphasis on Intellectual Property, Internet and e-commerce law. Lawdit is a member of the International Trademark Association, the Solicitors' Association of Higher Court Advocates and we are the appointed Solicitors to the largest webdesign association in the world, the United Kingdom Website Designers Association.

Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2009-10-16 19:59:59 in Legal Articles

All Articles

Copyright © 2004-2021 Scopulus Limited. All rights reserved.