Out-Law News 1 min. read
08 Jul 2009, 12:50 pm
Notification is a requirement for 'data controllers' under the Data Protection Act. Every organisation that processes personal information must notify the ICO, unless they are exempt. Failure to notify is a criminal offence.
The higher rate will also apply to public authorities with 250 or more staff. Charities, small occupational pension schemes, organisations with a turnover below £25.9m and those with a higher turnover but fewer than 250 staff will continue to pay £35.
It is the first time the notification fee has changed since 2000. According to an explanatory memorandum from the Ministry of Justice, the higher fee payable by so-called 'tier two' organisations "reflects the amount of resources invested by the IC in regulating large data controllers."
The cost of fulfilling the ICO's data protection regulatory and advisory responsibilities is £16 million per year, according to the Ministry of Justice memo. The ICO’s own research has indicated that less than 4% of data controllers will meet the criteria for tier two.
"A tiered structure will increase ICO resources by approximately £4.7m per year," the memo suggests.
The notification process requires an organisation to explain its uses of personal information by completing a form. The details are stored in a register of data controllers that is available to the public for inspection. In practice, almost every organisation in the UK will process some personal data, though companies that only process personal data for payroll purposes are exempt.
The new levels were set by the Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009 which were laid before Parliament on Monday. The new fee structure will apply to notifications and renewals from 1st October.
