Notification is a requirement for 'data controllers' under the
Data Protection Act. Every organisation that processes personal
information must notify the ICO, unless they are exempt. Failure to
notify is a criminal offence.
The higher rate will also apply to public authorities with 250
or more staff. Charities, small occupational pension schemes,
organisations with a turnover below £25.9m and those with a higher
turnover but fewer than 250 staff will continue to pay £35.
It is the first time the notification fee has changed since
2000. According to an explanatory memorandum from the Ministry of
Justice, the higher fee payable by so-called 'tier two'
organisations "reflects the amount of resources invested by the IC
in regulating large data controllers."
The cost of fulfilling the ICO's data protection regulatory and
advisory responsibilities is £16 million per year, according to the
Ministry of Justice memo. The ICO’s own research has indicated that
less than 4% of data controllers will meet the criteria for tier
two.
"A tiered structure will increase ICO resources by approximately
£4.7m per year," the memo suggests.
The notification process requires an organisation to explain its
uses of personal information by completing a form. The details are
stored in a register of data controllers that is available to the
public for inspection. In practice, almost every organisation in
the UK will process some personal data, though companies that only
process personal data for payroll purposes are exempt.
The new levels were set by the Data Protection (Notification and
Notification Fees) (Amendment) Regulations 2009 which were laid
before Parliament on Monday. The new fee structure will apply to
notifications and renewals from 1st October.
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
