10/09 Increase in data controller notification fees

Employment update email

The annual fee to register as a data controller with the UK Information Commissioner's Office (ICO) has been increased in respect of all "large organisations" from £35 to £500.



Data controller notifications must be made by all bodies storing or handling personal information in the UK in the context of a UK establishment (including branch offices) or by using equipment in the UK (such as computer servers).  Previously, all affected entities paid an annual fee of £35 to maintain their registration as a controller of personal data in the UK (known as a "notification").  Although there are limited exemptions, in practice the requirement to notify applies to most businesses operating in the UK.  Failure to register is a criminal offence.


What's changed?

Under the new rules, organisations with a turnover of £25.9m (or more) and 250 or more employees must now pay a higher annual fee of £500.  Public bodies with 250 or more employees will also be subject to the new premium rate.  The increased fee applies to new notifications as well as renewals on the date they fall due.  Smaller entities will continue to pay £35 per year.


What it means to employers

As most employers will be "data controllers" of personal information relating to their employees and customers, they should consider whether they meet the threshold of a "large organisation" for the purposes of a new notification or on their next renewal.  Where there are a number of "large organisations" in a group this could lead to a significantly increased cost in maintaining data protection compliance.

For further information refer to the ICO website