Guide to the data protection fee

You are here:
Estimated reading time: 1 min
Information Commissioner’s Office, “Guide to the GDPR”, retrieved on 4th September 2020, licensed under the Open Government Licence.

On 25 May 2018, the Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations) came into force, changing the way we fund our data protection work.

Under the 2018 Regulations, organisations that determine the purpose for which personal data is processed (controllers) must pay a data protection fee unless they are exempt.

The new data protection fee replaces the requirement to ‘notify’ (or register), which was in the Data Protection Act 1998 (the 1998 Act).

Although the 2018 Regulations come into effect on 25 May 2018, this doesn’t mean everyone now has to pay the new fee. Controllers who have a current registration (or notification) under the 1998 Act do not have to pay the new fee until that registration has expired.

From 1 April 2019, the Data Protection (Charges and Information) (Amendment) Regulations 2019 exempted the processing of personal data by members of the House of Lords, elected representatives and prospective representatives.

‘Elected representatives’ is defined by the Data Protection Act 2018 and includes, but is not limited to, MPs, MSPs, AMs in Wales, MEPs, elected councillors in county councils, district councils, London boroughs, parish councils, elected mayors and police and crime commissioners.

‘Prospective representative’ refers to anyone seeking to become an elected representative as defined above.

Find out more about paying the data protection fee here (external link; for UK only).

Was this article helpful?
Dislike 0
Views: 243