CHAPTER 3: NOTIFYING PROCESSING WITH THE INFORMATION COMMISSIONER

Ever since the first Data Protection Act in 1984, those who process personal data have had an obligation to register on a public register. This is now called notification. There are some exemptions from this obligation. These are quite narrow: however, organisations will not need to notify if the only reasons they process personal data are for what are called the core business purposes. These cover marketing, staff administration and accounting, but care should be taken when relying on these and reference should be made to the Information Commissioner’s website9 and the guidance available. Notification lasts for a year.

From 1st October 2009, there has been a two-tier fee structure. ...

Get Data Protection Compliance in the UK, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.