Under the Data Protection Act 2018 and UK GDPR, most organisations that process personal data must register with the Information Commissioner's Office (ICO) and pay an annual data protection fee. The fee ranges from £40 to £2,900 depending on the organisation's size and turnover.
Registration involves providing details about the organisation, the types of personal data processed, and the purposes of processing. The ICO maintains a public register of data controllers, which can be searched at ico.org.uk. Failure to register when required is a criminal offence.
Exemptions exist for certain organisations including some not-for-profit bodies, individuals processing data for personal purposes, and organisations that only process data for staff administration, accounts, or advertising their own business. However, most commercial businesses need to register.
BORSCH.AI integrates ICO registration data covering 965,000+ matched UK companies, providing visibility into data protection compliance status. Companies handling personal data without ICO registration may face enforcement action and fines.