With few exceptions, companies that hold personal data (e.g. client names, staff names, names of people at suppliers, etc.) are required to register as a data controller with the Information Commissioner. In effect, this is criminalising hundreds of thousands of directors who do not realise that they should have registered their companies.
The Information Commissioner's Office publishes a database, typically a few weeks to months out of date, listing who the registered data controllers are. It is meant to provide people with a rough understanding of what a company uses their personal data for. In reality, a common use of the database is by disgruntled employees and customers who seek to extort money from companies by pointing out that the company has not complied by registering. There is virtually no value in the actual registration itself.
Some companies will want to register as Data Controllers as a badge that they can use for marketing, e.g. to show credibility to customers or to show they care about their staff's personal data. In reality, the registration makes no difference to the culture of a company and whether it is diligent with its information security. To this extent, the Data Controller registration process is an administrative burden that has not met its key objectives.
Lawyers specialise in making a living off the back of Data Controller registrations, which have no real value to the business or data subjects. It can be expensive for larger companies, as board directors don't understand the requirements and overreact in terms of legal fees to put registrations in place. There is a multi-million pound industry around the process.
For small companies, it is a significant burden – it can take up to a day to understand the requirements and make a submission, and there is an annual £35 direct debit which needs to be set up and then administered forever. It makes no difference at all as to how most companies treat personal data. It's just a bureaucratic box to tick.
The key role of the Data Controller registration looks to be as a cash-generating tax to fund a process from which value for money is not obtained, e.g. data controller registration did not prevent HMRC famously losing the disk of people's details.