Bradford 01274 306 000
Leeds 0113 849 4000
Huddersfield 01484 915 000

GDPR: goodbye notification, hello more fees!

The current structure

Under the current regime, introduced by the Data Protection Act 1998 (DPA), data controllers processing personal data in the UK are required to ‘notify’ the Information Commissioner’s Office (ICO) and pay a registration fee of between £35-£500, based on their size.  

So, what is going to change?

Data controllers will now be required to register and pay new fees every 12 months to fund the ICO’s data protection work. The new data protection fee of up to £2,900 per year will apply in the UK from 25 May 2018, simultaneously with the General Data Protection Regulation (GDPR).

How much will I have to pay?

The fees are:

Tier 1 (£40) (or £35 if paid by direct debit) – micro organisations with (i) maximum turnover of £632,000; or (ii) no more than ten members of staff;

Tier 2 (£60) – small and medium-sized enterprises with: (i) Maximum turnover of £36 million; or (ii) no more than 250 members of staff;

Tier 3 (£2,900) – large organisations. Those not meeting the criteria of Tiers 1 or 2.

I have already paid my fee under the DPA, will I have to pay twice?

If you have renewed or registered with the ICO before 25 May 2018 under the DPA, you will only need to pay the new data protection fee when the current pre-GDPR registration expires.

Exceptions

  • Public authorities should only categorise themselves using the staff number calculations (and not turnover); and
  • Charities and small occupational pension schemes which are not otherwise subject to an exemption will only be liable for Tier 1, regardless of size or turnover.

Exemptions

There are, as now, some organisations that can try and claim an exemption to notifying and paying the fee, such as if your organisation is only processing personal data for staff administration, for example.

Note: this is not an exemption to having to comply with the GDPR!

PENALTY CHARGE NOTICE: DO NOT IGNORE

Failure to not pay at all or pay the incorrect fee, is subject to a maximum penalty of £4,350 (150% of the Tier 3 payment).

For further information contact Luisa D’Alessandro on 0113 849 4057.

About the Author

Luisa D'Alessandro

Partner

As head of the commercial team Luisa has a wealth of commercial law experience and advises clients…

View Profile View all