When paying the data protection fee, you will need to tell us the following:

  • The name and address of the controller (for registered companies this should be the address of its registered office ; for any other person carrying on a business, this should be that person’s principal place of business in the UK . If you use a domestic address in the course of your business and you don't want this to be included on the public register, you can provide a PO Box or alternative address instead.)
  • The number of members of staff you have
  • The turnover for your financial year.
  • Any other trading names you have.

We will also ask for the names and contact details of the following people:

  • The person completing the registration process.
  • A relevant person in your organisation (or another relevant representative) whom we can contact about our regulatory purposes (for example, renewing the data protection fee when it is due), if this is different from the above .
  • Your data protection officer, if you must have one under the GDPR – again  if this is different from the above.

We will publish details of all controllers who pay the data protection fee on the data protection register, which will be available from our website. However, we won’t publish all the information you give us.

The information we publish on the register will be limited to the following:

  • The name and address of the controller, but not details about individuals nominated as con tact points for us . (If you use a domestic address in the course of your business and you don't want this to be included on the public register, you can provide a PO Box or alternative address instead. )
  • The data protection registration number we give you.
  • The level of fee you have paid (that is , tier 1, tier 2 or tier 3).
  • The date you paid the fee and when it is due to expire.
  • Any other trading names you have.
  • Contact details for your data protection officer, if you have told us you have one.
  • The name of yo ur data protection officer, if you have told us you have one and if they consent to this (you will be asked to tick an ‘opt in’ box if they do consent.)

If a data protection officer opts out of having their name published on the register and we are asked to release it under the Freedom of Information Act 2000, we will have to consider whether we can disclose it. We won’t routinely provide this information, but may have to disclose it if our position is challenged in law and we a reordered to do so.