The ICO (Information Commissioner’s Office) has recently publish draft legislation and guidance regarding its registration fee for businesses using personal data into 3 tiers.
- Those organisations with a maximum turnover of £632,000 for the last financial year or no more than 10 members of staff.
- £40.00 fee.
- Those organisations with a maximum turnover of £36 million or no more than 250 members of staff
- £60 fee.
- Any organisation working above both the Tier 1 and Tier 2 thresholds must pay £2,900.00.
All data controllers are eligible to pay £2,900.00 until they tell the IPO otherwise; i.e. they are only obliged to pay tier 1 fees for example. The maximum sanction for non-payment/incorrect payment is set to be £4,350.00.
If you are a public authority, the correct tier will only be dictated by staff numbers and not turnover. If you are a charity, only a tier 1 fee will be payable in all circumstances. There are also some exemptions to the fee if you are a not-for-profit organisation or only use personal data for limited circumstances.
If you are already registered you will not need to pay the new fee until your current registration expires. If you have not already registered you should ensure you pay the fee before 25 May 2018 (when the GDPR comes into force).
Useful note – if you make a payment via direct debit you will receive a £5 discount.
Want to know more about the GDPR? Check out our blog on the 10 most important changes under the new regulations!