Insights Information Commissioner’s Office publishes blog piece on fee and registration changes when GDPR becomes effective in May 2018

The ICO explains that when the new data protection legislation comes into effect next year, there will no longer be a requirement for organisations that process personal information to register with the ICO as data controllers in the same way as they currently do. However, a provision in the Digital Economy Act 2017 means it will remain a legal requirement for data controllers to pay the ICO a data protection fee.

The amount of the data protection fee, which funds the work of the ICO, is currently being developed. The final fees will be approved by Parliament.

The current draft proposal is a three-tier system, which will differentiate between small and big organisations and also how much personal data an organisation is processing. The ICO says that the aim is to keep the system as simple as possible, so that organisations will easily be able to categorise themselves. The new model will go live on 1 April 2018.

The ICO says that organisations should continue to renew their notification as usual and reminds readers that it is still a criminal offence to not notify if an organisation needs to. To read the blog post in full, click here.

Expertise