Draft Regulations Published on ICO Annual Fees post GDPR

Published on: 06/03/2018

#Data Protection

The government has recently published draft Regulations which are set to replace the current rules in the UK on annual registration requirements and fees payable to the ICO.

While the GDPR will no longer require data controllers to register annually with the supervisory authority (the ICO in the UK), the draft Regulations confirm that an annual fee will still be payable to the ICO. The draft Regulations are intended to come into force on 25 May 2018, in line with the GDPR. Annual fees paid prior to 25 May will still take effect for the whole year, so organisations will not need to pay the new levels of fee prior to their annual renewal.

The new regime proposes to implement a three-tier fee structure (unless a business is exempt- the ICO intend to publish an online exemption tool before the Regulations come into effect for controllers to assess if an exemption applies) based on factors including the data controller’s turnover, number of staff and organisation type. The three levels of fee will be £40, £60 and £2,900. The largest fee will only apply to organisations with more than 250 staff and an annual turnover of more than £36million.

The ICO have published a guide to the draft Regulations which can be viewed here. We will keep you updated on the draft Regulations’ progress through parliament in the build up to 25 May.

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking professional and legal advice. Please refer to the full General Notices on our website.