The data protection fee and how this may affect your business

ICO_data_protection-fee

The ICO is The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

You may have received a letter through the post from the ICO requesting payment for a data protection fee. Under the Data Protection Act 2018, organisations processing personal data must pay a data protection fee, unless they are exempt. Personal data includes information like people’s names, addresses or telephone numbers.

The fee is payable by a range of companies from sole traders and SMEs through to large organisations, depending on your practices. The amount payable varies depending on the size of the organisation. This fee must be paid annually.

If you hold personal information for business purposes on any electronic device, you may need to pay an annual fee and it is your responsibility to find out. You will need to go to the ICO website to check if you need to pay the fee by completing the self-assessment checker.

How much does it cost?

The cost of the data protection fee depends on a company’s size and turnover. There are three tiers of fee ranging from £40 to £2,900.

Tier 1 – micro organisations

You have a maximum turnover of £632,000 for your financial year or no more than 10 members of staff. The fee for tier 1 is £40.

Tier 2 – small and medium organisations

You have a maximum turnover of £36 million for your financial year or no more than 250 members of staff. The fee for tier 2 is £60.

Tier 3 – large organisations

If you do not meet the criteria for tier 1 or tier 2, you have to pay the tier 3 fee of £2,900.

Note: The cost is reduced by £5 if you sign up by direct debit

Handy hints

  • Any company using CCTV for crime prevention purposes is required to pay the annual data protection fee to the ICO, regardless of their business operations. This means that you do not need to take the self-assessment checklist (it is the first question on this checklist).
  • If the online fee checker says you do not need to pay, you must complete the short form at ico.org.uk/no-fee, for the ICO to update their records stating the reason for the exemption.
  • If you need to pay and do not pay, or if your annual fee is overdue you could be fined up to £4,000.
  • The ICO states that there are not many situations where you would be exempt from paying a fee. If it avoids you paying a fine and protects your reputation, it could be that it is money well-spent.
  • You pay your fee through the ICO website. The cost is reduced by £5 if you sign up by direct debit. You will then be placed on their register.
  • The ICO is warning companies to be aware of scams relating to payment of the data protection fee. If you’ve received a letter, text message, email or telephone call from the ICO and what to check that it’s genuine, please search ‘ICO fee’ using your usual search engine. Follow the top results to website links which begin with https://ico.org.uk, and this will bring you to their official website.

Download and print this information here.