The ICO has published a blog post to ‘clarify how the fees that data controllers have to pay to the ICO are changing’; however the post provided no actual figures for the new fees.
Currently organisations who process personal data ‘notify’ the ICO on an annual basis (unless in the rare circumstances they are exempt). Most SMEs pay the £35 annual fee and appear on the ICO’s register of data controllers.
CHECK YOUR REGISTRATION HERE:
https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
The deadline for EU member states to implement the General Data Protection Regulations (GDPR) is May 2018 and the UK Parliament is already progressing a Data Protection Bill to meet that commitment.
The ICO have said that when this new legislation comes in to force:
there will no longer be a requirement to notify the ICO in the same way.
BUT
The Digital Economy Act did make provisions for funding the ICO in another way and those fees have not yet been approved by Parliament.
The new payment system will take in to account an organisation’s size, turnover and the amount of personal data it is processing. With a Three Tier System currently being proposed.
It is unclear how the “amount of personal data ” will be determined.
Despite the lack of information, this new system is proposed to “go live” 1st April 2018, however if you have already paid under the current scheme, you may not be affected until the renewal.
More details to follow…
