Have you received a letter from the ICO about paying a data protection fee?
The ICO has been writing to UK registered businesses asking them if they need to pay their data protection fee. If you haven’t paid your fee and have received a letter from the ICO, don’t ignore it or you could face extensive fines.
Why have I received a letter from the ICO?
The ICO is the UK regulator for all matters data protection. The organisation announced in December last year that it was launching a campaign to make sure that all businesses who are legally required to pay a data protection fee are doing so.
Since GDPR came into force in May 2018, over 600,000 businesses have registered for the ICO data protection fee but many more should be registered. The ICO is writing to you as it believes that your business is liable for the annual fee and you aren’t on their public register of fee payers.
Do I need to pay a data protection fee?
Any organisation that processes personal data is required to pay a data protection fee to the regulator unless it is, in certain specific circumstances, exempt. For small businesses, the fee is £40 a year, reduced to £35 a year if paid by direct debit.
Find out more about the ICO data protection fee including who the ICO is, why there is a fee and who is exempt from registering.
What will happen if I don’t pay the fee?
Payment of the ICO data protection fee is a legal requirement. If you have received a letter from the ICO and you haven’t paid your fee, they believe you are liable. If, as a small business, you do not pay your fee before the deadline given in your letter, you could be liable for a £4,000 fine. Fines may be larger for bigger organisations or those that process sensitive information.
The regulator issued 340 fines for non-payment of the fee in the three months to 30th September 2019.
What to do if you haven’t paid your data protection fee to the ICO
Whether you have received a letter from the ICO or not, if you haven’t paid your data protection fee:
Once you have paid your fee, it's time to consider what else you need to do to become compliant with data protection legislation.
Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance you need to become and remain compliant with data protection legislation. Find out more about our services. Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.
Protect your business - become and remain GDPR compliant with Astrid