Companies are being left in the dark about how much money they will be expected to cough up to process customer data under the post-GDPR regime, heightening fears that businesses will face a greater financial burden as the Information Commissioner’s Office acts to plug a huge hole in its finances.
The issue was first raised over four years ago but still firms are none the wiser. According to the Department for Culture Media & Sport, the Digital Economy Bill – which was waved through this week under the so-called wash-up period – does make provision for a new charging structure, although exact details are being kept tightly under wraps. All a DCMS spokesperson would say was: “The ICO will have a crucial role in ensuring that the UK has the highest data protection standards whilst it remains in the EU and beyond.”
Under the current regime, companies pay either £35 and £500 in registration charges to process personal data, bringing in up to £15m a year to the ICO.
But under GDPR this system will be scrapped, while according to the ICO’s 2013 estimate the increased workload from GDPR will cost over £26.8m, and Freedom of Information request funding has also been slashed.
Given the complexity of GDPR, the ICO’s original estimate of a £42.8m black hole is likely to be conservative at best, with some claiming its could be well over £50m by May 2018.
The Government has already sanctioned a huge expansion of the ICO, which according to Commissioner Elizabeth Denham will be recruiting 200 additional staff over the next three years, bringing its total headcount to over 700.
However, neither the ICO nor DCMS will say where the money is coming from, other than to confirm there will be a new fee structure “that needs to be approved by Parliament”.
One industry insider said: “They aren’t going to find £50m behind the back of a sofa, and it is highly unlikely that the Government will increase it funding, so it seems it will be down to businesses to pay more. The question is, why are they being so secretive about it? Something smells fishy to me.”
Call for industry action as Digital Bill is waved through
Major ICO recruitment drive to prevent GDPR meltdown
Ten crucial steps to tackle GDPR compliance anxiety
Final data countdown: 16 months to save your business
Read it and weep: ICO offers latest GDPR guidance
Consumers back GDPR to make their data safer
7,000 data protection officers needed for UK firms
EU data reforms: the top 5 issues for marketers
ICO faces £43m funding black hole