Guidance Notes for Registration
The following is not intended to constitutea legal interpretation of the requirement to register.
What is Registration?
Registration is the process by which data controllers and data processors (organisations that process personal data) inform the Data Protection Commissioner of certain details about their processing of personal information. These details are used by the Commissioner to make an entry describing the processing in a register that is available to the public for inspection here.
The principal purpose of registration is transparency andopenness. It isa basic principle of data protection that the public should know(or should be able to find out) who is processing their personal information as well as other details about the processing (such as why the processing i taking place).
Who is required to register?
The main categories of data controller required to register with the Data Protection Commissioner (if they hold personal data on computer) are:
- Government Bodies / Public Authorities
- Banks and financial / credit institutions
- Insurance undertakings (not including brokers)
- Data controllers whose business consists wholly or mainly in direct marketing
- Data controllers whose business consists wholly or mainly in providing credit references
- Data controllers whose business consists wholly or mainly in collecting debts
- Internet access providers
- Telecommunications network or service providers
- Health professionals processing personal data related to mental or physical health
- Data controllers processing genetic data
- ata controllers whose business consists of processing personal data for the supply to others, other than journalistic, literary or artisitic purposes.
Any data processor processing data on behalf of a data controller in one of these categories must also register.
The legislation governing registration is complex. For more detailed and specific information, please view our detailed guidance here.
How do I Register?
There are currently two ways to make an application to register as either a data controller or data processor.
- On Line System
You can submit the registration on-line and with the fee which can be paid by Debit/Visa/Mastercard.
- Pay by Cheque
You can dowload the application form from our website www.dataprotection.ie and submit it with cheque for the appropriate amount.
What is the fee for registration?
Processing fee for Applications / Renewals
(Visa, Debit or Mastercard)
Applicants with 26 Employees or more (inclusive)
Applicants with 6 to 25 Employees (inclusive)
Applicants with 0 to 5 Employees (inclusive)
What happens next?
Your form will be examined to ensure that all the relevant information has been provided. Where specific queries arise we will write to you to resolve the matter.
Your one-year registration period begins on the day we receive a correctly completed form and fee.
If your organisation is required to register, your registration is added to the public register (this is updated on a weekly basis). We will give you a registration number which must be quoted each time you contact us about your register entry. You should retain this number.
Once you have registered, you must keep your register entry up to date. When any part of your entry becomes inaccurate or incomplete, you must inform us. Processing data without an accurate and complete entry on the register may incur a criminal penalty. Changes must be notified to us in writing (including by fax, email or on-line). Please remember to quote your registration number. It is not possible to request a change by telephone. We will write to you when we have processed your amendments. The following fees apply to amendments made to your registration at any time other than when renewing your registration:
Processing fee for amendments:
(Visa, Debit or Mastercard)
The Registration Cycle
The registration period is one year from the day we receive your correctly completed form with the appropriate fee. Your entry will then expire unless it is renewed. A renewal reminder letter will be sent to you approximately 3 weeks prior to your renewal date.
It is very important that we receive payment of the renewal fee prior to the expiry of your entry on the register.
At renewal time you will be asked whether there have been any changes to your registration (there is no extra fee if amendments are done at this stage). A letter will be sent to you to confirm that your entry has been renewed and providing the new expiry date.
Removing your register entry
If you consider that registration ceases to be necessary at any time during the registration period, you should write to us with full details and your registration number. Provided it is appropriate to do so, we will remove your entry from the register. We will then write to you to confirm that the entry has been removed.
Changes of legal entity
A register entry is not transferable from one data controller to another; if there is a change in the legal entity of the data controller, a new entry must be made in the register. Examples of changes in legal entity are when a sole trader becomes a partnership or a partnership becomes a limited company. If your previous entry is no longer required you must write in to request removal of your register entry.
» Permanent Link