11. The Information Commissioner

The Commissioner has the responsibility of ensuring that the Data Protection legislation is enforced.

The Information Commissioner (formerly the Data Protection Commissioner under the 1984 Act) keeps a public register of data controllers.  Each register entry must include the name and address of the data controller as well as a description of the processing of personal data carried out under the control of the data controller.  An individual can consult the register to find out what processing of personal data is being carried out by a particular data controller.

The Data Protection Act 1998 requires every data controller who is processing personal data to notify the commissioner unless one of the exemptions listed in the Act applies.  At the commission office a complete copy of the public register is kept and it is updated weekly.

Have a look at the register for your own school      Click here

What happens if an organisation doesn't register?

If an organisation does not register its use of personal data or it provides false information to the registrar, then the organisation may be fined up to £5,000 in the magistrates' court or an unlimited fine in the High Court.