Out-Law News 1 min. read
26 Jun 2018, 3:05 pm
The Department for Digital, Culture, Media and Sport (DCMS) opened a consultation (23-page / 556KB PDF) on the issue on Monday.
At the moment, organisations responsible for how personal data is handled are generally obliged to pay a data protection fee each year to fund the monitoring of compliance and enforcement of data protection law in the UK.
A rate of £40 for micro organisations, £60 for small and medium organisations, and £2,900 for large organisations applies, with the fee payable by all data controllers operating in the UK, unless an exemption applies.
The UK's data protection watchdog, the Information Commissioner's Office (ICO), issued guidance on the topic of the data protection fee earlier this year.
Exemptions are currently attached to certain types of processing. For example, an exemption applies where organisations only process personal data for staff administration purposes, advertising, marketing and public relations purposes, and/or accounts and records purposes, other than when processing personal data by or obtained from a credit reference agency
Data controllers that do not process personal data by automated means, or with the intention that it be processed by automated means, are also exempt from the fee.
DCMS has now asked businesses whether the list of exemptions should be expanded.
DCMS said: "The government considers that there is merit in reviewing the exemptions to ensure that they are still appropriate to the current time, and fit for the digital age. We are aware too that there is appetite from stakeholders to review the exemptions. In the consultation, we are asking stakeholders to look at each exemption and state whether they think it should be retained or not, and their reason(s) for their response."
"Additionally, we have invited respondents to detail any other data controllers or processing that they consider appropriate for an exemption," it said.