Following the Government's Statement of Intent in August, the Data Protection Bill to update data protection laws in line with the General Data Protection Regulation (GDPR) was introduced to the House of Lords on 13 September 2017.

The Bill is still to pass through three readings and the committee and report stages in both the House of Lords and House of Commons, although it is anticipated that it will be approved in substantially the same form it is in now.

On 5 October, the Information Commissioner's Office (ICO) confirmed, as indicated by the Bill, that there will no longer be a duty on controllers to notify the ICO. However, controllers will still be obliged to pay a fee, as provided for by section 108 of the Digital Economy Act.

The amount of the fee is being considered by the Department for Digital, Culture, Media and Sport (DCMS), together with the ICO. It will be based on the size and turnover of the organisation, as it is now, and also the volume of data being processed and the associated risk. The final fees will be approved by Parliament and are expected to go live on 1 April 2018.

Controllers should continue to renew their notifications with the ICO as usual until the change. Future fees are anticipated to be due upon the next renewal date after the change.

Exemptions to the fee model are expected to remain similar to those that exist now.

The ICO will provide an update in due course, expected by the end of the year. Brabners will also be publishing further commentary on the Bill as it progresses.