If you are a company or sole trader that processes personal data, you will need to pay a data protection fee to the Information Commissioner’s Office (ICO). In this post, we’re going to cover everything you and your business need to know about this fee, including how much it is, what happens if you don’t pay it, who is exempt from paying it, and much more. Let’s get started.
Who are the ICO and what is the data protection fee?
The ICO is an ‘executive non-departmental public body’ that ‘upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals’.
The current Information Commissioner is John Edwards, who began a 5 year term in the role in January 2022.
The data protection fee is an annual fee that must be paid by any UK organisation that processes data (there are a few exemptions that we will look at shortly) to the ICO. The fee is then used to fund the work of the ICO.
Paying the fee is a legal obligation and falls under the Data Protection Act 2018, the act that brought about the General Data Protection Regulation, more commonly known as GDPR.
How much is the data protection fee?
The exact fee depends on the size of your company and its turnover. There are three different payment tiers (with tiers 1 and 2 being the most common):
Tier 1 – £40 per year (£35 if you pay by direct debit)
- Your company has 10 or less members of staff, or
- Your company’s maximum turnover is no more than £632,000 in its financial year
Tier 2 – £60 per year (£55 if you pay by direct debit)
- Your company has more than 10 staff members but less than 250, or
- Your company’s maximum turnover is no more than £36 million in its financial year
Tier 3 – £2,900 per year (£2,895 if you pay by direct debit)
- Your company meets none of the criteria set out above
Does my company need to pay the ICO data protection fee?
Generally speaking, your company (or other business types, such as a sole trader) will need to pay the fee if:
- You are electronically processing personal information (‘any detail about a living individual that can be used on its own, or with other data, to identify them’), or
- You use CCTV for crime prevention (for business purposes, not for personal reasons).
To confirm whether your company needs to pay the fee, you can use the ICO’s free ‘Registration self-assessment’ tool.
What does ‘processing’ mean?
The ICO describes processing as actions that you can do to personal information. This includes:
Who is exempt?
If you do not process personal information at all (or you do but not via a computer or other automated system), you are exempt and will not need to pay the fee.
You are also exempt if you are only processing personal information for any of the reasons below:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
According to the ICO, ‘members of the House of Lords, elected representatives and prospective representatives are also exempt’.
Once again, you can use the ‘Registration self-assessment’ tool to find out if your company is exempt.
What happens if I don’t pay the fee?
As mentioned, if your business is not exempt, you are legally required to pay the data protection fee. Failure to pay the fee can result in a penalty, ranging from £400 up to £4,000.
What is the deadline for paying the fee?
Instead, the ICO sends out regular letters to businesses making them aware of the data protection fee requirements. These letters include a date by which the ICO expects to receive a response (regardless of whether you need to pay the fee or not).
How do I pay the fee?
With our ICO Registration Service, priced at £79.99, our team of experts can assist you in paying the data protection fee, freeing up your time so that you can concentrate on your business.
Once you have purchased the service we will email you an online questionnaire, asking for some information about your new business. Complete this form and return it to us, we’ll then register you with the ICO and take care of paying your fee (covered as part of the £79.99 service cost).
It can take up to 10 days for your company to be registered with the ICO, depending on the ICO’s workload. Once complete, we will send you your ICO Registration Number and ICO security code.
How to buy our ICO Registration Service
How you purchase our ICO Registration Service depends on what stage your business is at and whether or not you are an existing 1st Formations customer. See below for more information:
If you have not yet started your business and are thinking of moving forward with a limited company – We can help you register your company with Companies House (the UK’s register of companies) and take care of paying the data protection fee at the same time.
To get started, follow the below steps:
- Choose your company name via our company name search tool
- Select your company formation package – prices start from only £12.99
- On the ‘Additional Services’ page, add the ICO Registration Service to your basket – priced at £79.99
- Work through and complete the simple online company formation process
Your online ICO registration questionnaire will be emailed immediately and your company will be formed in as little as 3-6 working hours.
If you are already a 1st Formations customer – You can purchase the ICO Registration Service from your Online Company Manager:
- Log in to your 1st Formations account
- Select ‘My Companies’ and click ‘View’ next to your company name
- Click on the ‘Shop’ tab and then select ‘Add’ next to ‘ICO Registration Service’
- Proceed to the payment page and complete the order
Your online ICO registration questionnaire will be emailed to you immediately.
If you are not an existing 1st Formations customer – Don’t worry, you can still buy our ICO Registration Service. Simply give us a call on 020 3897 2233 and we’ll take your order over the phone. Once processed, we’ll email your questionnaire.
Why it pays to pay the ICO data protection fee
As well as being a legal requirement, paying the data protection fee is also good for your reputation as it demonstrates to your customers and other business contacts that you take their data seriously.
When you pay the fee, you are assigned an ICO Registration Number that you can publish on your website to highlight that you are registered and, in turn, assure potential customers that you can be trusted.
Plus, your business’s name is added to the ICO public register of fee payers (not to be confused with the Companies House register), where the ICO publishes the names of all businesses that have paid the data protection fee.
On top of maintaining the free-to-use public register, the ICO also lists the businesses that have been issued a penalty notice. This is obviously not a list that any business would wish to appear on.
Do I need to tell the ICO if I don’t need to pay the fee?
It is good practice to notify the ICO if you are exempt from paying the data protection fee, even if you have not yet received a letter from them. You can do this online by completing this short ‘Exemptions’ form.
So there you have it
We hope we have answered all your questions about the Information Commissioner’s Office and the data protection fee, and importantly, whether or not your business needs to pay.
If you do still have any queries, please leave a comment on this post and we’ll get back to you as soon as possible. Thanks for reading.