All data controllers must register with the Information Commissioner’s Office (ICO) and renew their registration annually.

Notification is a statutory requirement and every organisation that processes personal information must notify the ICO, unless they are exempt. Failure to notify is a criminal offence.DataProtection_ArticleImage

Notification is the process by which a data controller gives the ICO details about their processing of personal information. The ICO then publishes certain details in the register of data controllers, which is available to the public for inspection.

The main purpose of the public register is transparency and openness. The register includes the names and addresses of data controllers and a description of the kind of processing they do.

You can search the register online at:

Registration is done via a simple online form. The form must be signed and sent to the ICO along with the annual fee.

The fee for registration is either £35 or, for businesses with over 250 employees and a turnover exceeding £29.5M, £500.

For a copy or to print the registration form, go to the ICO’s website: