Fees for data controllers under GDPR

The cost of registering as a data controller

Organisations that process personal data are being charged a fee dependent upon which of three tiers they fall within:

• Tier 1 is for “micro organisations” – including those with an annual turnover of less than £632,000, 10 members of staff
• Tier 1 also includes charities and small occupational pension schemes, regardless of size or turnover
• Tier 2 is for “SME organisations” – including with a turnover of no more than £36 million, or no more than 250 personnel
• Tier 3 is for “large organisations” (all other organisations)

The fee categories associated with each of these tiers is as follows (a £5 discount will apply for direct debit payments):

• Tier 1 – £40
• Tier 2 – £60
• Tier 3 – £2,900

Public authorities will be charged in accordance with their number of personnel and not their annual turnover.

Some exemptions to the new fee schedule applies if one or more of the following situations applies:

• Personal and family data processing
• Employee administration
• Accounts and records
• Judicial functions
• Not-for-profit activities
• Advertising, marketing and public relations
• Maintaining a public register
• Personal data processing not undertaken on an electronic device

To find out more, review this detailed ICO guidance on GDPR fees, which will help you to prepare and budget accordingly.