DO WE NEED TO REGISTER WITH
THE INFORMATION COMMISSIONER?
Prior to 25 May 2018
Yes, as a data controller, you need to be registered with the Information Commissioner’s Of ce (ICO). There is an exemption from registration if you are a not-for-pro t organisation, which only deals with personal information for the purposes of establishing and maintaining a membership, supporting the institute, or providing or administering activities for members or those who have regular contact with the institute. More detail is available here: https://ico.org.uk/media/1567/exemption-from-registration-for-not-for-pro t- organisations.pdf
As most institutes engage with the public, it is likely that you will need to register with the ICO.
If you are exempt from registration (noti cation), you still have to comply with the rest of the DPA, and can choose to voluntarily register if you want to.
(All users of CCTV systems must register with the ICO, even if you do not make any other use of the data.)
The current fees payable annually for registration is £35 for charities, regardless of size or turnover.
Post May 2018
The situation is less clear. The GDPR removes the requirement to register entirely, but the UK has enacted speci c legislation which means that we might re-instate the requirement. At the time of writing, this hasn’t been decided either way.
HOW DOES THE ORGANISATION COMPLY WITH THE DPA?
Principally, by ensuring that you are compliant with the data protection principles which form the core of data protection legislation. These are, essentially:
1. Personal information must, at all times, be dealt with in a way that is fair, and transparent, and meets one of the speci c conditions laid out in the
Chapter 11 211