Approval standards and guidelines: data protection registration
Updated 2 August 2024
Approval standard: data protection registration
When must this standard be met
This standard must be met for all applications to access UKHSA data classified as ‘Protected’.
Standard
All applications must demonstrate that each named applicant and appointed data processor has met their obligations under the Data Protection (Charges and Information) Regulations 2018 (unless exempt) to maintain a valid ICO data protection fee payer’s registration. The details of each registration must be documented in the UKHSA data application form.
Guidelines
Data protection registration
The Data Protection (Charges and Information) Regulations 2018 require every UK-based organisation or sole trader that processes personal information to pay a data protection fee to the Information Commissioner’s Office (ICO).
The information provided to the ICO is published on a register.
All UK-based applicants, as well as the data processors they appoint, must have registered with the ICO and paid the applicable fee. The UKHSA data application form and its annexes must detail the registration information to be valid.