GDPR will be law in less than 2 months as will be the new Data Protection (Charges and Information) Regulations 2018.
These Regulations set out the fee which businesses have to pay to the Information Commissioners Office (ICO) when registering as a Data Controller. You are a Data Controller if you have customers and/or staff as you will be processing personal data. Failure to register and pay the relevant fee is likely to result in a fine of £4350.
The current fee structure is a two tier structure of £35 for smaller businesses and a £500 fee for businesses with a turnover of over £25.9 million and more than 249 staff. However, the ICO needs to fund its work and so in addition to the increased fines for data breaches which accompany GDPR, they are increasing these registration fees as of 25 May 2018.
You may be exempt from the requirement to register and pay any fee if you only process personal data manually. And you may also be exempt if you only process personal data for administering employee data or administering your business accounts i.e. sales and purchase invoices. However, even if your paperwork is all manual or you are only processing personal data for your core business activities but you have CCTV for crime prevention purposes, you will need to register as CCTV s capturing personal data.
If in doubt, you can complete the ICO questionnaire or call the ICO helpline on 0303 123 1113.
For those who do have to register the new fees are as follows:
Tier 1 £40 (£35 id paid by direct debit) for micro organisations with a maximum turnover of £632,000 or no more than ten members of staff.
Tier 2 £50 for SMEs with a maximum turnover of £36 million or no more than 250 members of staff.
Tier 3 £2900 for large organisations who exceed the criteria of Tier 1 and 2.
The jump from £500 to £2900 is sharp and gives some indication of how much extra monitoring and enforcement the ICO expect to be undertaking once GDPR arrives on 25 May 2018.
Need help with keeping on track with FCA Regulation and Compliance? Partner with Automotive Compliance