Feeds

Data protection fee to cost bigger orgs £500 a year

Don't pretend you can't afford it

Intelligent flash storage arrays

Organisations with a turnover of £25.9 million or more and 250 or more staff will be required to pay the Information Commissioner's Office (ICO) an annual notification fee of £500 with effect from 1st October. The current fee is just £35.

Notification is a requirement for 'data controllers' under the Data Protection Act. Every organisation that processes personal information must notify the ICO, unless they are exempt. Failure to notify is a criminal offence.

The higher rate will also apply to public authorities with 250 or more staff. Charities, small occupational pension schemes, organisations with a turnover below £25.9m and those with a higher turnover but fewer than 250 staff will continue to pay £35.

It is the first time the notification fee has changed since 2000. According to an explanatory memorandum from the Ministry of Justice, the higher fee payable by so-called 'tier two' organisations "reflects the amount of resources invested by the IC in regulating large data controllers."

The cost of fulfilling the ICO's data protection regulatory and advisory responsibilities is £16 million per year, according to the Ministry of Justice memo. The ICO’s own research has indicated that less than 4 per cent of data controllers will meet the criteria for tier two.

"A tiered structure will increase ICO resources by approximately £4.7m per year," the memo suggests.

The notification process requires an organisation to explain its uses of personal information by completing a form. The details are stored in a register of data controllers that is available to the public for inspection. In practice, almost every organisation in the UK will process some personal data, though companies that only process personal data for payroll purposes are exempt.

The new levels were set by the Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009 which were laid before Parliament on Monday. The new fee structure will apply to notifications and renewals from 1st October.

Copyright © 2009, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.