The government has published the format for new notification fees to fund the ICO’s work from 25 May onwards when the GDPR enters into force.
The new structure was laid before Parliament on 20 February as a Statutory Instrument. Until 25 May, organisations are legally required to pay the current notification fee, unless they are exempt.
The ICO has produced a Guide to the Data Protection Fee. The new fees structure is based on the relative risk to the data that an organisation processes, but also the organisation’s size, turnover and whether an organisation is a public authority or charity.
The fees are:
Tier 1 – micro organisations. Maximum turnover of £632,000 or no more than ten members of staff. Fee: £40 (or £35 if paid by direct debit)
Tier 2 – SMEs. Maximum turnover of £36 million or no more than 250 members of staff. Fee: £60
Tier 3 – large organisations. Those not meeting the criteria of Tiers 1 or 2. Fee: £2,900