Skip to main content
Data sharing standard 2b - Data Protection Act Registration

This standard is part of a series of guidance documents to support the various stages of a DARS application.

Standard description - data protection fee

From 25 May 2018, the Data Protection (Charges and Information) Regulations 2018 requires every organisation or sole trader who process personal information to pay a data protection fee to the Information commissioner's Office (ICO), unless they are exempt.

The information provided to the ICO is published on a register of controllers.

Any Data Controller(s) must have registered with the ICO and paid the appropriate fee by 25 May 2018 or, where applicable, upon expiry of their current registration under the 1998 Act.

All controllers and processors must provide their ICO registration details as part of their application unless they are exempt.

Video

View a transcript of the DPA registration guidance video

Slide 1

Hello my name is Catherine Day and I am a Senior Case Officer within the Data Access Request Service.  

Slide 2

This video on DPA Registration is one of a series of presentations designed to help you use our Data Access Request Service as effectively as possible. You can view the other videos in this series on our YouTube channel using the following address www.youtube.com/user/HSCIC1

NHS digital have published a number of standards in relation to how we assess applications for data from NHS Digital. These are designed to be transparent and to help you in completing the relevant section of your online application for data. Again, this presentation will provide detail on the agreed standard for completing the following section of the application: DPA registration.

Slide 3

Data Protection Fee. From the 25th of May 2018, the Data Protection (Charges and Information) Regulations 2018 has required every organisation or sole trader who process personal information (including pseudonymised data) to pay a data protection fee to the ICO unless they are exempt. Please see the ICO website for further information about which organisations are exempt.

The information provided to the ICO is published on the register of controllers. Again, please see the following link to the ICO website.

Slide 4

All Data Controllers who are requesting NHS Digital record level data must be registered with the ICO.

All controllers and processors must provide their ICO registration details as part of their application for record level data to NHS Digital, unless they are exempt.

If NHS Digital receive an application for record level data and either Controller(s) and/or the Processor(s) do not have a registered DPA, NHS Digital may not be able to accept the application until the registration is in place.

It is the responsibility of the Controller(s) and/or Processor(s) to ensure that the DPA Registration is kept up-to-date during the lifetime of a Data Sharing Agreement.

Slide 5

The DPA information is required to be entered under both the Controller and Processor section of DARS online, as highlighted below.

Slide 6

The following information is required for all controllers and processes who are processing NHS Digital record level data.

We will require the Registration Number, the Organisation name as registered and also the date the Registration expires.

Slide 7

Thank you for listening. We would welcome your feedback on this presentation. If you would like to provide feedback then please email us at enquiries@nhsdigital.nhs.uk.

Last edited: 29 July 2021 10:12 am