This site uses cookies which will be set when you visit another page, unless you then choose to opt out. Find out more about our cookies.


ICO – New Notification Fee for Data Controllers - 25 May 2018Member News

07 March 2018

When the GDPR comes into force in the UK in May 2018 all Data Controllers will have to pay a notification fee to the Information Commissioner's Office (ICO); this will replace the current registration process and fee. The ICO is the UK’s data protection regulator or supervisory authority.

The government has published the draft format for the new notification fee structure.  The new structure must still be approved by Parliament but the ICO have published a guide that reflects the draft, to help Data Controllers prepare for what the UK Government is proposing.

The new annual fee structure is as follows:


Organisation Type



Micro organisations
-    Maximum turnover of £632,000 or no more than ten members of staff


Small and medium organisations
-    Maximum turnover £36 million or no more than 250 members of staff


Large organisations
-    That do not meet the criteria for tiers 1 and 2


For more details go to

Until 25 May, organisations are still required to pay the current notification fee, unless they are exempt. If you currently have a registration (or notification) under the 1998 Act, you will not need to pay the new data protection fee until your registration expires.

Further information on GDPR:

View and download the BHBIA's series of GDPR Guides

Keeping you informed about changes in the UK legal and ethical environment

Keeping you informed about changes in the UK legal and ethical environment

Cookies required

To use this functionality please enable cookies. Find out more about our cookie policy.

  Cookies are currently off.