The current system of registration for UK based data controllers was replaced by the UK’s Information Commissioner’s Office (“ICO”) with effect from 25 May 2018.
From that date, or once existing registrations come up for renewal, data controllers who are not exempt, will have to pay an annual data protection fee to the ICO.
Due to the way the rules are written, it is strongly recommended that you contact the ICO as soon as possible if your business is not currently registered.
Replaces Requirement to Notify
The new fee arrangements replace the requirement to ‘notify’ (or register) under the Data Protection Act 1998, in line with Recital 89 of the GDPR which suggested that Member States abolish general systems of registration.
The ICO has published a guide about the data protection fee. The fee payable depends on staff numbers and annual turnover. There are exemptions for micro businesses who don’t outsource bookkeeping or other functions.
Noteworthy is that all controllers will be regarded as belonging in the top tier band unless they tell the ICO otherwise, so this should motivate those businesses that do not have an existing data protection registration to address GDPR compliance immediately and apply to register.
What GDPR Involves
GDPR has certainly been taking up businesses’ time in terms of understanding the regulations, and taking actions to work towards compliance.
So I have put together a short mini training on GDPR which would be relevant to those who have not yet taken any steps towards compliance. There are 4 blog posts in the series:
Among other things, these give you tactical steps to put in place and explain some decisions to make as a business owner in order to work towards compliance.
If you’re unsure how to work out your strategy on issues like opt in and opt out boxes, and web forms, you may be interested to know that I’ll be releasing a marketing course as a separate module for GDPR. So to receive notification once this is available
There are more than a dozen documents you will need in order to work towards GDPR compliance. We have created a GDPR site with all the templates, where there are videos and written guidance on all this. There are FAQs, and we plan to constantly add news updates after 25 May to guide you in your compliance.
25 May is just the beginning in terms of implementing a compliance program. Most businesses will need to set aside time regularly to continue their work as there is so much to do.
All the best with your GDPR compliance work.