The Information Commissioner's Office (ICO)

The ICO is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The ICO is responsible for:

  • Promoting good practice in handling personal data and giving advice and guidance on data protection.
  • Ensure data controllers pay the appropriate data protection fee and provide and update basic information about their firm.
  • Helping to resolve disputes by deciding whether it is likely or unlikely that an organisation has complied with the GDPR when processing personal data.
  • Taking action to enforce compliance with GDPR, where appropriate.
  • Bringing prosecutions for offences committed under GDPR (except in Scotland, where the Procurator Fiscal brings prosecutions).
Under GDPR data controllers must pay the ICO a data protection fee unless they are exempt. The new data protection fee replaces the requirement to ‘notify’ or (register) under the DPA. Since all firms hold responsibilities under GDPR, the ICO requires less information than was required under the DPA. Data controllers must provide:

  • The name and address of the controller
  • The number of members of staff the firm has
  • The turnover for the financial year
  • Any other trading names the firm has
  • Contact details for the person completing the fee registration process and the Data Protection Officer (if the firm is required to have a member of staff with that particular designation under GDPR).