The Information Commissioner’s Office (ICO) has announced that it will drop requirements for data controllers to notify the ICO of data processing activities but will retain a fee regime, when the new General Data Protection Regulation (GDPR) comes into force from May 2018.
At present, almost all data controllers are required to pay an annual fee (£500 for large organisations with a £25.9m turnover and at least 250 employees, or £35 otherwise) and notify the ICO of its data processing activities on its register of data controllers. The ICO announced that the new fees will be “fair” and will “reflect the relative risk of the organisations processing”. A three-tier level of fees has been proposed to take into account an organisation’s size and turnover.
The new fee regime will commence on the 1st April 2018. Where a data controller has recently renewed their notification, or will renew between now and 1st April 2018, this renewal will run for a full year and such organisations will not need to pay any new level of fee until their previous notification expires.
We will keep you updated with any further developments in preparation for the implementation of the GDPR.