The ICO exists to empower you through information.

Information we will collect and publish

Share Download options

Pages

Format

When paying the data protection fee, you will need to tell us the following:

  • The name and address of the controller. (For registered companies this should be the address of its registered office; for any other person carrying on a business, this should be that person’s principal place of business in the UK. If you use a domestic address in the course of your business and you don't want this to be included on the register of fee payers, please call our helpline on 0303 123 1113)
  • The number of members of staff you have.
  • The turnover for your financial year.
  • Any other trading names you have.

We will also ask for the names and contact details of the following people:

  • The person completing the registration process.
  • A relevant person in your organisation (or another relevant representative) whom we can contact about our regulatory purposes (for example, renewing the data protection fee when it is due or sending information to support compliance), if this is different from the above.
  • Your Data Protection Officer (DPO), if you must have one under the GDPR – again if this is different from the above.

We will publish details of all controllers who pay the data protection fee on the register of fee payers. However, we won’t publish all the information you give us.

The information we publish on the register will be limited to the following:

  • The name and address of the controller, but not details about individuals nominated as contact points for us. (If you use a domestic address in the course of your business and you don’t want this to be included on the register of fee payers, please call our helpline on 0303 123 1113)
  • The registration reference we give you.
  • The level of fee you have paid (that is tier 1, tier 2 or tier 3).
  • The date you paid the fee and when it is due to expire.
  • Any other trading names you have.
  • Contact details for your Data Protection Officer (DPO), if you have told us you have one.
  • The name of your Data Protection Officer (DPO), if you have told us you have one and if they consent to this. (You will be asked to tick an ‘opt in’ box if they do consent.)

If a Data Protection Officer (DPO) opts out of having their name published on the register of fee payers and we are asked to release it under the Freedom of Information Act 2000, we will have to consider whether we can disclose it. We won’t routinely provide this information, but may have to disclose it if our position is challenged in law and we are ordered to do so.