There has been so much attention regarding the GDPR recently, but one element that hasn’t been in the limelight very much is that of the data protection fee, and the potential (likely) need to register with the ICO.
This is not new, although it is slightly different to the requirements of the Data Protection Act 1998. It was always the case that if you processed data, you should have registered, although evidence showed that not all organisations who should have registered, did.
Have you registered?
The rules now state that every organisation that processes personal information is required to pay a data protection fee to the Information Commissioner’s Office (ICO), unless they are exempt.
The data protection fee came in at the same time as GDPR and funds the work that the ICO do. It replaces the annual registration fee that businesses used to have to pay to the ICO under the Data Protection Act 1998.
If you haven’t already registered, we would encourage you to do this very brief ICO questionnaire which tells you definitively whether you need to register…it only takes 2 minutes of your time to do the survey.
The exemptions mentioned above include if you are only processing personal data for:
- Staff administration
- Judicial functions
- Maintaining a personal register
- Accounts and records
- Not for profit purposes
- Marketing and PR
- Personal, family or household affairs
- If you are not using an automated (ie computer) to do the processing
However, we would urge you to take the online survey to be sure whether or not you need to register. If you don’t register, and you should have done, you could be fined up to £4,350.
NOTE: The government has issued a review of the exemptions which is currently still underway (at August 2018), so please do follow the link above which takes you directly to the ICO website to do the survey.
How much does it cost?
It really isn’t expensive to register. Depending on the size and turnover of your business there are three tiers with prices being £40, £60 and £2,900.
You only pay the large amount if your turnover is more than £36 million or you employ more than 250 staff.
Finally, and this is good news, if you were already registered under Data Protection Act 1998, you don’t have to make payment / register under the new regulations until your existing registration expires (12 months after you originally registered).
If you need any help to get through the minefield that is the GDPR, then please do get in touch with us here at Griffin House Consultancy. We are specialists in this area and provide audits, consultancy and training to help businesses of all sizes ensure they are complaint and protected.
Get in touch today – call 01673 885533 or email us at [email protected].
You can also sign up to our eBulletin for the latest developments in data protection, information governance and compliance.