Register of data controllers

The register of data controllers was a United Kingdom database under the control of the UK Information Commissioner's Office (ICO) mandated by section 19 of the Data Protection Act 1998.

The register of fee payers is the name of an equivalent register established under the Data Protection Act 2018, which implements the European Union's General Data Protection Regulation (GDPR).

Registration under either Act carries a fee, the proceeds of which fund the costs of the ICO. Any entry may be inspected by the public at any time at no cost to the enquirer.

Data Protection Act 1998
Under the 1998 Act, the name of the data controller was recorded with the purpose(s) for the processing of the data processed by that controller within the meaning of the Act.

The 1998 Act established a distinction between data controllers and data processors, to whom distinct legal and governance obligations applied: data controllers determined the purposes for which personal data was held or processed, whereas data process data on behalf of another data controller.

A data controller may, under some circumstances, be exempt from registration (previously termed notification). When not exempt, failure to notify the Information Commissioner's Office formally before the start of processing data was a strict liability offence for which a prosecution may be brought by the Information Commissioner's Office in the criminal court of the UK. Failure to notify was a criminal offence unless exempt. Exemption from registration does not exempt a data controller from compliance with The Act.

Amendments to a data controller's notification could be made at any time, and must have been made before the start of a new processing purpose.

Data Protection Act 2018
Under the 2018 Act, the register is called the register of fee payers, and the purposes for processing are nor supplied, though other trading names and the name of a Data Protection Officer may be given. The distinction between data controllers and data processors remains in place. the ICO reports that there are over one million registered fee payers.

The enforcement of the Act by the Information Commissioner's Office is supported by a data protection charge on UK data controllers under the Data Protection (Charges and Information) Regulations 2018. Exemptions from the charge were left broadly the same as for 1998 Act: largely some businesses and non-profits internal core purposes (staff or members, marketing and accounting), household affairs, some public purposes, and non-automated processing. Under the 2018 Act, the enforcement regime for registration changed from criminal to civil monetary penalties.