With growing impact of digital transformation across the globe, most of the companies are involved in handling personal data of numerous people. In UK, GDPR has ensured that the processed data by companies are used within the permissible limit. Additionally, a fee is also charged by GDPR which is paid to the ICO.
Who needs to pay Data Protection Fee?
As per the norms laid by ICO, any business, individual or any form of organization who is involved in processing personal data is required to pay data processing fee, unless declared under the exempt category.
The list of exempted category includes:
- Public Authorities categorizing themselves as per staff numbers only.
- Charities – only upto Tier 1 fee
- Small occupational pension schemes – only upto Tier 1 fee
Levels of Data Protection Fee
Data protection fee varies on the basis of an organization turnover and its employee size. There are three different tiers mentioned as follows:
Tier 1: This tier is for micro organizations whose turnover is or below £6,32,000 in a financial year and has less than 10 employees. The applicable data protection fee is £40.
Tier 2: This tier is for small and medium organizations whose turnover is or below £36 million in a financial year and has less than 250 employees. The applicable data protection fee is £60.
Tier 3: This tier is for large organizations who do not fall under the above-mentioned tiers. For them the applicable data protection fee is £2,900.
Any organization who ignores data protection fee can be fined upto£4,350 by ICO.
Do you also fall under any of the above-mentioned tiers? Feel free to get in touch us for any guidance.