Notification handbook
Introduction
This handbook contains the Information Commissioner’s guidance on notification under the Data Protection Act 1998. Notification is a statutory requirement and every organisation must notify the Information Commissioner’s Office (ICO), unless they are exempt.
Notification is the process by which a data controller informs the Information Commissioner of certain details about their processing of personal information. These details are used by the Information Commissioner to make an entry describing the processing in a register that is available to the public for inspection (on the ICO website at www.ico.gov.uk).
The principal purpose of having notification and the public register is transparency and openness. It is a basic principle of data protection that the public should know (or should be able to find out) who is carrying out the processing of personal information as well as other details about the processing (such as for what reason it is being carried out).
Notification, therefore, serves the interests of individuals in assisting them to understand how personal information is being processed by data controllers.
It is not, however, intended and (nor is it practicable) that the register should contain very detailed information about a data controller’s processing. The aim is to keep the content at a general level, with sufficient detail to give an overall picture of the processing. More detail is only necessary to satisfy specific statutory requirements or where there is particular sensitivity.
We have designed the notification scheme in accordance with these objectives and have tried to cut down the detail and the process to the minimum, while still fulfilling the statutory requirements. We ask data controllers to bear this in mind when providing information for notification, and not to go into unnecessary detail or make unnecessary changes.