In May 2018 the Data Protection Act 2018 introduced GDPR into UK law. One of the many changes to data protection law was with regard to ICO registration and fees. In this blog post we will explain how the new fee structure works and how it will impact your organisation.
The GDPR does not require registration (also known as notification) any more but the ICO can charge a fee and so it has set up a new fee regime/structure. In the UK the fee is only payable by data controllers unless they are exempt – the government is currently consulting on the proposed exemptions although they seem to be the same as before.
There are now 3 tiers of fees based on turnover and staff numbers as follows:
The ICO has stated that they will regard all controllers as eligible to pay the tier 3 fee in tier 3 unless and until the Data Controller tells them otherwise.
The maximum fine for not paying the fee or for paying the incorrect fee is now £4,350.
The new fees come into force immediately but if you have already paid, you won’t have to pay the new fee until you renew.
Aside from the level of the fee, the main difference is that controllers no longer have to give details of the types of processing they do. Rather a data controller just needs to tell the ICO:
The ICO has confirmed it will publish the following:
If we can be of any assistance, contact us on 0161 952 4244 for more information.