The Information Commissioner’s Office (ICO) is an independent organisation employed by the government to handle data privacy and GDPR (General Data Protection Regulation).
Under the Data Protection Act 2018, every UK business, organisation or sole trader that processes personal data is legally required to pay an annual fee to the ICO, unless exempt, which we will come back to. The ICO use this money to fund their work. If you haven’t already, you will need to register as a data controller with the ICO and they will confirm whether you are required to pay the fee.
You may have already received a letter from the ICO and be wondering what it’s all about, or you may be yet to receive one.
What classes as personal data?
- Information that can be used to identify an individual
For example: a name, number, address, IP address, cookie identifiers, and much more
- Information that relates to a person
- Data that is encoded or pseudonymised may still be classed as personal data, unless it is truly anonymous
Exemptions:
You may be exempt if you are only processing personal data for any of the following reasons:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
- If you don’t use an automated system to process personal information (such as a computer)
- Members of the House of Lords
You can use the ICO’s self-assessment tool to check whether you are exempt.
How much do I need to pay?
By filling in the ICO’s online form, you can find out whether you need to pay and if so, how much.
There are 3 tiers of payment. The following factors will determine which tier you fall under:
- Quantity of staff
- Annual turnover
- If you are a public authority
- If you are a charity
- If you are a Small Self-Administered Scheme (SSAS)
(a pension scheme set up by a limited company)
Tier 1 – Micro organisations: £40
- You have 10 employees or less or
- Your maximum turnover is £632,000
Tier 2 – Small and medium organisations: £60
- You have 250 employees or less or
- Your maximum turnover is £36,000,000
Tier 3 – Large organisations: £2,900
- If you aren’t eligible for tier 1 or 2, you will be fall into this tier
- You will automatically be placed in this tier unless you tell the ICO otherwise, which you can do by filling in the registration form
Direct debit discount:
If you choose to pay your fee by direct debit, you will receive an automatic discount of £5 at the point of payment.
How to pay:
- If you are paying for the first time, you will need to register with the ICO
- Or you can call 0303 123 1113
If you are already registered, you will not need to pay again until your registration expires, at which point you will receive a letter instructing you how to pay.
Non-Payment
If you fail to pay the data protection fee, you could be fined anywhere from £400 – £4,000.
You can reach out to DH Business Support today for more information or support with paying the data protection fee.
Call us on 0330 088 1701 where we will be happy to assist you.