There has been so much talk about the GDPR (if you don’t know what the GDPR is, you can read about it here), but let’s not forget the new Data Protection Act 2018, which is the UK’s implementation of this new law.
There are some key differences between the GDPR and the DPA, one being the changes to how Data Controllers register with, or “notify”, the ICO of their activities.
Here are a few key points to consider:
Fees are changing
Organisations that register with the ICO will have to pay a registration fee of between £40 and £2,900, and there are three tiers in the new payment structure. The fee amount will be determined by several factors, including but not limited to the size of the organisation and the nature of the business.
You should check which of the three tiers your organisation falls under to ensure you pay the correct fee.
You may be exempt
The criteria for notifying the ICO have been updated. This means that some organisations will be exempt and will not be required to pay a fee. You should check whether this affects your organisation.
Are you registered already?
If you are, there is no need to notify the ICO under the new requirements until your current registration runs out. The ICO will be writing to all organisations whose registration is due to expire soon, to explain the changes and to inform you of which payment tier it believes you belong in.
Under the DPA 1998, organisations were required to give details of the types of processing they carried out. Under the DPA 2018 you are no longer required to do this; however, you should maintain internal records of your processing activities, and these need to be more detailed than before.
You can read more about the changes in the ICO’s guide for controllers here.
We offer a range of products and services to assist you with compliance, including:
– Cloud Based ISMS (Information Security Management System)
– Data Protection Health checks & Consultancy
– Next Generation Cyber Security Products & Services
– Cyber Essentials Certification & Assessments