How to Apply for a Data Protection Licence
This article was last updated in line with the Data Protection Act & the GDPR in 2018.
Who needs a Data Protection Licence?
The Data Protection Act 2018 requires all data controllers to register with the Information Commissioner’s Office (ICO). They must apply for a data protection licence and renew their registration annually.
A data controller is any individual or organisation that processes personal information, including sole traders, limited companies, and MPs. If this definition applies to you, you’ll need to register.
Not sure if you need a DPA licence? The ICO website has a self-assessment tool that you can use.
Notification to the ICO
Notification is a statutory requirement. Every individual or organisation that processes personal information must notify the ICO, unless they are exempt. Failure to notify is a criminal offence.
To notify the ICO, you must provide them with details about how and why you process personal information. The ICO then publishes certain details in the register of data controllers, which is available to the public for inspection.
You can search the data protection licence register online here.
How Do I Get a Data Protection Licence?
You can complete your Data Protection Act registration via a simple online form, which you must fully complete. This involves providing details on your organisation, the types of data that you process, the number of employees in your business, and your turnover. You might need to add details of your Data Protection Officer during this process too.
Make sure you have your payment details ready to pay the annual data protection fee.
Need a Course?
Our Data Protection Training Course is designed to help businesses and individuals comply with the essential principles of the UK’s Data Protection Act and the EU’s General Data Protection Regulation (GDPR).
You may also be interested in: Key Principles of the Data Protection Act 2018
Data Protection Licence Fee
The fee for registration depends on the size and turnover of your business. The ICO will determine which of three payment tiers you fit into, which were introduced as part of GDPR. The tiers range from £40 to £2,900, but most organisations will only need to pay £40 or £60.
The three tiers of data protection fees are:
- Tier 1: micro organisations. This tier applies to business with a maximum turnover of £632,000 for the financial year or no more than 10 employees. If this tier applies to you, you must pay £40.
- Tier 2: small and medium organisations. This tier applies to business with a maximum turnover of £36 million for their financial year or no more than 250 employees. If this tier applies to you, you must pay £60.
- Tier 3: large organisations. This tier applies to any businesses that do not meet the criteria for the first two tiers. They must pay £2,900 for the licence fee.
There is no VAT required for a DPA licence. Furthermore, charities and small occupational pension schemes will only need to pay £40, regardless of their size and turnover.
If you’re unsure about which tier you fit into, you can take the ICO’s assessment online.
Data Protection Licence Renewal
You must renew your data protection licence annually. To do this, you’ll need your order and registration reference, and payment details to repay the fee to the ICO. Your business will receive a reminder six weeks before the renewal fee is due.
Be sure to not ignore this reminder, as renewal is absolutely crucial for ensuring you carry out data handling activities legally and securely.