The Data Protection Fee: what is it and do I need to pay it?09 Dec 2019
What is the data protection fee?
It is the fee payable by data controllers to the Information Commissioner’s Office (“ICO”) when they register with the ICO and funds the ICO’s activities. All data controllers are required to register with the ICO and pay the fee unless they are exempt.
Do I have to pay the data protection fee?
All data controllers (i.e. entities that determine if, how and why personal data is processed) must pay a data protection fee unless they are exempt. Most businesses will be data controllers and therefore, unless they are exempt, will be required to pay the data protection fee.
Am I exempt from paying the data protection fee?
You will not be required to pay the data protection fee if you only use personal data for one or more of the following purposes:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Processing personal information without an automated system such as a computer.
If you use personal data for any purpose other than those set out above, your business will be required to pay the data protection fee.
Examples of businesses which could not rely on the exemption are businesses that:
- use CCTV for crime prevention
- use personal data to process sales of goods or services
- have loyalty schemes
- provide legal or financial services
- provide marketing services to other businesses.
The ICO also has an online self-assessment tool to assist you in deciding whether your business should be registered with it and pay the data protection fee. This tool is available at https://ico.org.uk/for-organisations/how-much-will-i-need-to-pay/.
How much is the data protection fee?
The amount of the data protection fee you are required to pay varies depending on the size of your business, and can be calculated as follows:
|Type of organisation||Maximum staff members||Maximum turnover (per financial year)||Data protection fee payable (per year)|
|Small and medium organisations||250||£36 million||£60|
|Large organisations||More than 250||More than £36 million||£2,900|
How do I pay the fee?
The fee can be paid online at https://ico.org.uk/for-organisations/data-protection-fee/.
What happens if I don’t pay the fee?
If you don’t pay the data protection fee and you are not exempt, your business could be fined up to £4,350 by the ICO. The ICO has already levied penalties against businesses in many different sectors for a failure to pay the fee so this should not be ignored.
If you are still not sure whether your business is required to pay the data protection fee, please speak to one of our data protection team, on 0161 832 3434 or contact us.