Charities exempt from ICO fees ‘likely to remain so under GDPR’

Paul Arnold, deputy chief executive of the Information Commissioner’s Office, reveals this on the ICO website, but it has yet to be confirmed by ministers

Charities that are exempt from paying fees to the Information Commissioner’s Office are likely to remain exempt under the new fee structure due to be introduced under the General Data Protection Regulation, the regulator has said.

The ICO has said it is recalculating the fees it charges data controllers to notify the regulator of how and why they are collecting data, something data controllers are required to do under the Data Protection Act 1998.

Data controllers must currently pay a notification fee of £35 or £500, depending on the size of the organisation, but many charities are exempt from the rules unless they sell or swap data with other organisations or they own their own premises and operate CCTV on them.

The GDPR, new data protection legislation due to come into force on 25 May 2018, says that data controllers will no longer be required to notify the ICO.

But Paul Arnold, deputy chief executive of the ICO, said in a statement on the ICO website today that such organisations would still be required to pay the ICO once the GDPR was introduced because they would switch to paying a data protection fee, which was introduced by this year’s Digital Economy Act.

The fees would be used to fund the ICO’s work, Arnold said.

He said the ICO expected those organisations that were exempt under the existing regime would remain exempt under the new system, but this had yet to be confirmed by the Department for Digital, Culture, Media & Sport.

In the statement, he said: “The amount of the data protection fee is being developed by the ICO’s sponsoring department, the DCMS, in consultation with the ICO and representatives of those likely to be affected by the change. The final fees will be approved by parliament.”

Arnold said the size of the data protection fee each organisation was required to pay would still be based on the organisation’s size and turnover and would take into account the amount of personal data it was processing.

There were likely to be three categories of fees, he said, but he did not give an indication of how much these fees were likely to be.

The new model would come into force in April, Arnold said, but added that any notification fees would remain valid for a year, so charities would not need to pay the data protection fee until their current fee expired.

Source link

Leave a Comment.

Этот сайт использует Akismet для борьбы со спамом. Узнайте, как обрабатываются ваши данные комментариев.