Guidance

Approval standards and guidelines: data protection registration

Updated 2 August 2024

Approval standard: data protection registration

When must this standard be met

This standard must be met for all applications to access UKHSA data classified as ‘Protected’.

Standard

All applications must demonstrate that each named applicant and appointed data processor has met their obligations under the Data Protection (Charges and Information) Regulations 2018 (unless exempt) to maintain a valid ICO data protection fee payer’s registration. The details of each registration must be documented in the UKHSA data application form.

Guidelines

Data protection registration

The Data Protection (Charges and Information) Regulations 2018 require every UK-based organisation or sole trader that processes personal information to pay a data protection fee to the Information Commissioner’s Office (ICO).

The information provided to the ICO is published on a register.

All UK-based applicants, as well as the data processors they appoint, must have registered with the ICO and paid the applicable fee. The UKHSA data application form and its annexes must detail the registration information to be valid.