Under the current Data Protection Act, organisations that process personal information are required to notify with the ICO as data controllers. They are required to pay the ICO a notification fee, based on their size, of either 35 or 500.

When the GDPR comes into effect in 2018, there is no requirement to notify the ICO. However, the Digital Economy Act contains a legal requirement for data controllers to pay the ICO a data protection fee. These fees will be used to fund the ICO's data protection work.

The amount of the fee is being developed by the ICO and the Department for Digital, Culture, Media & Sport. The final fees will be approved by Parliament. The draft proposal is for a three-tier system, which will differentiate between small and large organisations and also how much personal data an organisation is processing.