Data Protection

(asked on 14th July 2015) - View Source

Question to the Ministry of Justice:

To ask the Secretary of State for Justice, what assessment he has made of the extent of revenue that has been lost to the public purse in each of the last seven financial years as a result of data controllers who are required to notify or register under the Data Protection Act and pay a fee not doing so; and what steps he is taking to (a) recoup the losses to the public purse that have occurred and (b) prevent such further losses.

Answered by
Dominic Raab Portrait
Dominic Raab
Foreign Secretary and First Secretary of State
This question was answered on 22nd July 2015

The Data Protection Act 1998 (DPA) requires every data controller who is processing personal information to register with the Information Commissioner’s Office (ICO) unless they are exempt. Failure to do so is a criminal offence.

The ICO has the ability to prosecute data controllers who process personal data having failed to notify in accordance with the DPA. A successful prosecution could result in a fine being imposed. The length of time that a data controller has failed to notify, and any financial benefit they have received from not paying the notification fees, is a factor that is taken into account by the Court when sentencing and setting the appropriate level of fine. There are no provisions in the Proceeds of Crime Act that would require someone to report to a court or anyone else that any profit has been made from the offence of processing personal data without being registered. If someone suspects that money laundering has occurred then the reporting obligations set out in the Money Laundering Regulations 2007 will, for example, apply.

It is for data controllers to seek registration; the ICO periodically reminds organisations of the requirement to notify. Fee income has been increasing year on year with increasing numbers of notifications.

The Ministry of Justice and the ICO are looking at the current funding model as part of negotiations on the proposed EU Data Protection Regulation.

This content was generated for your convenience by Parallel Parliament and does not form part of the official record.
Recent Documents related to Data Protection

19/04/2021 - The Insolvency Service (the Insolvency Service)
- View source

Found: The General Data Protection Regulation (Regulation (EU) 2016/679) The Data Protection Act 2018

2. The Mid-Tier Contract - Schedule 20 (Processing Data)
16/12/2019 - Cabinet Office
- View source

Found: Schedule 20 (Processing Data) Crown Copyright 2019 Mid - tier contract

3. Review of exemptions from paying charges to the ICO
08/11/2018 - Department for Digital, Culture, Media and Sport
- View source

Found: CommissionerÕs Office Government response to the public consultation November 2018 Department

4. Guidance: Accounting Officers appointed by HM Treasury
30/05/2019 - HM Treasury
- View source

Found: XxxxxxxxxxxThe National Audit Of˜ce scrutinises public spending on behalf of Parliament. The Comptroller

5. Insurance Premium Tax: administration and unfair outcomes
05/11/2020 - HM Revenue & Customs (HMRC)
- View source

Found: administration of Insurance Premium Tax (IPT) and prevent unfair outcomes. Scope of this consultation:

Latest Documents
Recent Speeches related to Data Protection

1. Data Protection Bill [HL]
10/01/2018 - Lords Chamber

1: conditions” and insert “— (a) by adding conditions; (b) by omitting conditions added by regulations under - Speech Link
2: conditions” and insert “— (a) by adding conditions; (b) by omitting conditions added by regulations under - Speech Link
3: Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully - Speech Link
4: Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully - Speech Link

2. Data Protection Bill [HL]
14/05/2018 - Lords Chamber

1: “processing and personal data are to processing and personal data” and insert “personal data, and the processing - Speech Link
2: processor in relation to the processing of personal data to which Chapter 2 or 3 of Part 2, Part 3 or Part - Speech Link
3: references in subsection (1)(a) and (b) to public authorities and Scottish public authorities as defined by the - Speech Link

3. Data Protection Bill [HL]
20/11/2017 - Lords Chamber

1: maintain a register of data controllers (1) The Commissioner must maintain a register of all data controllers - Speech Link
2: subsection (3), personal data must not be processed unless an entry in respect of the data controller is included - Speech Link
3: Clement-Jones. Section 17(1) of the Data Protection Act 1998 states that personal data must not be processed unless - Speech Link

4. Data Protection Bill [HL]
22/11/2017 - Lords Chamber

1: party controller or processor processing personal data for one of the special purposes, the Commissioner - Speech Link
2: Lords are still suffering from indigestion as a result of the alphabet soup of amendments we had in Committee - Speech Link

5. Data Protection Bill [ Lords ] (Second sitting)
13/03/2018 - Public Bill Committees

1: requirement that the processing is carried out without the data subject’s consent.Amendment 78, in schedule - Speech Link

Latest Speeches
Recent Questions related to Data Protection
Latest Questions