With just over one month (35 Days) before GDPR kicks in, you must register your UK business with the ICO and pay the annual "Data Protection Fee".
After May 2018 you need to pay the ICO a data protection fee.
If you have already registered with the ICO in the last year prior to May 2018, you only need to pay the fee once your current registration expires.
There are three different tiers of fee. Controllers are expected to pay between £40 and £2,900. The fees are set by Parliament to reflect what it believes is appropriate based on the risks posed by the processing of personal data by controllers. The tier you fall into depends on:
* how many members of staff you have;
* your annual turnover;
* whether you are a public authority;
* whether you are a charity; and
* whether you are a small occupational pension scheme.
Not all controllers must pay a fee. Many can rely on an exemption.
Registration with the ICO
If you handle personal data, you may need to register as a data controller with the Information Commissioner’s Office. Registration is a statutory requirement and every organisation that processes personal information must register with the ICO, unless they are exempt. Failure to register is a criminal offence.
Except from the ICO press release: The Government has announced a new charging structure for data controllers to ensure the continued funding of the Information Commissioner’s Office (ICO).
The new structure was laid before Parliament yesterday (Tuesday 20 February) as a Statutory Instrument and will come into effect on 25 May 2018, to coincide with the General Data Protection Regulation (GDPR Compliance).
Until then, organisations are legally required to pay the current notification fee, unless they are exempt.
Read the full press release here.