GDPR – ICO fee changes from 1st April 2018

Three stacks of pound coins

Date

 

As we are all aware, the GDPR implementation deadline of 25th May 2018 is fast approaching….. in fact it’s just over 15 weeks away.  But were you also aware that the requirements for data controllers to register with the ICO, and the fees for registration are changing on 1st April 2018?

Under the current rules, organisations that process personal information are required to register (notify) with the ICO as data controllers.  The notification includes explaining what personal data they collect and what they do with it.  At the point of notification, the data controller is required to pay a fee, currently £35 per year for organisations with less than 249 employees, and £500 for all other organisations.

After 25th May 2018 there will no longer be a requirement to notify the ICO in the same way.  Under GDPR, data controllers are to be accountable by maintain records and conducting assessments of processing activities.

However, there is a provision under the Digital Economy Act that means there is still a legal requirement for data controllers to pay the ICO a data protection fee.  As with the notification fee now, the data protection fee will be used to fund the ICO’s data protection work as all money received in fines is passed directly back to the Treasury.

The Digital Economy Act paves the way for a new funding system.  The new system will aim to make sure the fees are fair and reflect the relative risk of the organisation’s processing of personal data.  The size of the fee will still be based on a organisations size and turnover, but will also consider the amount of personal data being processed.

The final fee structure will go live on 1st April 2018 but is likely to be a three-tier system:

  • Tier 1: annual fee of up to £55 applied to small and medium firms that do not process large volumes of data;

  • Tier 2: annual fee of up to £80 applied to small and medium firms that process large volumes of data;

  • Tier 3: annual fee of up to £1000 for large businesses;

  • And a direct marketing top-up fee of £20 for organisations that carry out electronic marketing activities as part of their business.

If your renewal is due prior to 1st April, then you will simply renew under the old system and the new structure will not affect you until your following renewal.

‘new data protection fee regime payments made during the 2017/18 financial year under the current system will run for a full year. This would mean that organisations which pay their annual notification fee at any point during this time will not need to pay the new fee until their notification under the old model would otherwise expire.’

Get in touch

For more information about Data Protection Compliance and the GDPR, get in touch with our experts today.

More
articles

Testimonial from Right Legal
"We have been using Teal to support our compliance frameworks, and every aspect of our experience with them has been fantastic. From the training to the audits, and especially the ‘Ask Teal’ helpline, nothing is too much trouble, and you get quick support from some of the industry’s best compliance experts. Just having them there to support our continued growth takes a huge weight off my mind. Highly recommend to firms of all size and structure!"
Get in touch
Testimonial from Constantine Law
"We rely on Teal Compliance to provide responsive, practical compliance services to Constantine Law (we do not have an in-house compliance officer/function). I would encourage all solicitor firms without their own resource to engage with Teal: they know what they are doing and they provide peace of mind regarding day-to-day compliance matters as well as responses to unforeseen (tricky) compliance matters. They have become an indispensable partner to Constantine Law in our growth journey."
Get in touch
Testimonial from Streathers Solicitors
"We have worked with Teal for several years. They have provided us with AML training and also helped us put together our firm-wide AML risk assessment and our updated AML policy, along with assisting us with various issues as and when they arose. We have always found them to be very helpful, friendly, responsive and knowledgeable, and are happy to recommend them."
Get in touch
Testimonial from Streathers Solicitors
"We have had a relationship with Teal for a number of years and they have provided a valuable resource to our compliance team. Teal combine the delivery of a personal and friendly service with city level expertise."
Get in touch