Poole Office: 01202 678555

Wimborne Office: 01202 849169

  • slider-1.jpg
  • slider-2.jpg
  • slider-3.jpg
  • slider-4.jpg

Request a Call Back

Please enter your name and phone number

Latest News

VAT on property service charges
11/12/2018 - More...
A new Revenue and Customs Brief (6-2018)...

Are you ready for VAT filing changes April 2019?
11/12/2018 - More...
The introduction of Making Tax Digital...

Is your income approaching £100,000?
11/12/2018 - More...
For high earning taxpayers, the personal...

Search News


With our newsletter, you automatically receive our latest news by e-mail and get access to the archive including advanced search options!

»Sign up for the Newsletter
» Login


Information Commissioner’s Office publishes introduction to the Data Protection Bill

The Information Commissioner's Office (ICO) has published a 77-page introduction to the Data Protection Bill, to help businesses navigate their way around the Bill and focus on the areas that are most relevant to them. Assuming it receives Royal Assent and becomes the Data Protection Act 2018, the Bill is expected to come into force on 25 May 2018, i.e. on the same date as the EU General Data Protection Regulation (GDPR). The two pieces of legislation will then work alongside each other in place of the current Data Protection Act 1998, which is to be repealed. The GDPR gives EU member states limited opportunities to make provisions for how it applies in their country. One element of the Bill is the details of these. The Bill is currently progressing through Parliament and is currently at Committee Stage in the House of Commons. The ICO intends to produce further detailed guidance on the Bill once it has been enacted.

In addition, the government has announced a new charging structure for data controllers to ensure the continued funding of the ICO. The draft Data Protection (Charges and Information) Regulations 2018 have been laid before Parliament and are also expected to come into force on 25 May 2018 in line with the GDPR. Until then, businesses are legally required to pay the current notification fee, unless they are exempt. When the GDPR comes into effect, it will remove the requirement for data controllers to pay the ICO a fee, but the new charging structure has been proposed by the government to ensure that the ICO remains adequately funded. The draft regulations, which will replace the Data Protection (Notification and Notification Fees) Regulations 2000:

  • set out when data controllers will be required to provide information to the ICO and pay a charge associated with the processing of personal data
  • require the payment of an annual charge to the ICO unless all processing undertaken by the data controller is exempt
  • confirm that there will be three tiers of charge, i.e. £40, £60 and £2,900, depending on the data controller's turnover, number of staff and organisation type.

For very small organisations, the fee won’t be any higher than the £35 they currently pay, if they take advantage of a £5 reduction for paying by direct debit. Larger organisations will be required to pay £2,900. The fee is higher because these organisations are likely to hold and process the largest volumes of personal data, and therefore represent a greater level of risk. There will continue to be financial penalties for not paying fees, but these will be in the form of civil monetary penalties rather than a criminal sanction.

To help data controllers understand why there is to be a new funding model and what they will be required to pay from 25 May 2018, the ICO has produced a new guide to the data protection fee. The guide also outlines the ICO's intention to publish an online exemption assessment tool before 25 May 2018.

Contact Us

Poole Office

Tower House, Parkstone Road
Poole, Dorset
BH15 2JH
Tel: 01202 678555

This email address is being protected from spambots. You need JavaScript enabled to view it.

Company Registration No: O7430971
VAT Registration No.107585703

Wimborne Office

Beaufort House, 2 Cornmarket Court
BH21 1JL
Tel: 01202 849169