ICO announces new fees

The Government has announced a new charging structure for data controllers to ensure the continued funding of the ICO. It went before Parliament on 20th February and will come into effect on 25th May 2018, to coincide with GDPR. Until then, organisations are legally required to pay the current notification fee, unless they are exempt.

There are three different tiers of fee and controllers are expected to pay between £40 and £2,900. The fees are set by Parliament to reflect what it believes is appropriate based on the risks posed by the processing of personal data by controllers and the tier you fall into depends on:

• how many members of staff you have

• your annual turnover

• whether you are a public authority

• whether you are a charity

• whether you are a small occupational pension scheme.

Not all controllers must pay a fee as some can rely on an exemption.

Tier 1 – micro organisations You have a maximum turnover of £632,000 for your financial year or no more than 10 members of staff. The fee for tier 1 is £40.

Tier 2 – small and medium organisations You have a maximum turnover of £36 million for your financial year or no more than 250 members of staff. The fee for tier 2 is £60.

Tier 3 – large organisations If you do not meet the criteria for tier 1 or tier 2, you have to pay the tier 3 fee of £2,900.

Important: remember the ICO will regard all controllers as eligible to pay a fee in tier 3 unless and until they tell the ICO otherwise!