Why does the ICO charge a data protection fee?

What does the ICO spend the data protection fee on?

The ICO regulates more than just the General Data Protection Regulation (GDPR), it covers several aspects of data, information and privacy protection: GDPR, PECR (Privacy & Electronic Communications Regulations) and Freedom of Information. The funds it gathers through fees help to fund all their work.

This benefits all of us: because the ICO helps to ensure that all companies, charities and government organisations handle information in a responsible and professional manner.

In recent years, the ICO has investigated some pretty serious issues, for example the Cambridge Analytica scandal, where a company took people’s information from Facebook without authorisation, to do in-depth profiling of voters. While the ICO secured a £500,000 fine from Facebook, the money went to HM Treasury and the ICO had to fund its own legal costs in the case.

The ICO also funds grants to develop new ways of helping businesses protect data, including a “regulatory sandbox” where it works out how to responsibly regulate new technologies, like machine learning and Artificial Intelligence (AI).

Whose side is the ICO on?

Yours and mine (as individuals)! The ICO enforces our rights to have our data managed properly and helps to ensure that our rights are protected.

Of course, as a business owner it can feel like the ICO is the ‘data police’. But remember: it’s simply a case of the ICO making sure that your business discharges its responsibilities properly to protect individuals’ data rights.

Is the ICO data protection fee going to increase?

It’s too early to say right now, but it’s likely the fees will stay in place at a similar level in the future. If half the small businesses in the UK paid a data protection fee, the ICO’s income could be well over double what it is now - enough to fund some strong enforcement and provide new support to businesses too.

The ICO can do much more with proper funding, including helping businesses get data protection right more consistently and helping to level the playing field for all businesses.

Did you receive a letter from the ICO?

You might have received a letter from the ICO recently asking you to pay your data processor fee. If you’ve never heard of the ICO before, or know what the fee is about this might come as a bit of a shock - especially when the letter mentions the risk of penalty charges for not paying the fee!

Find out more

Want to know more? Find out whether your business needs to pay the fee, who is exempt or how much is due in our blog that tells you everything you need to know about the ICO.

About Astrid

Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance you need to become and remain compliant with data protection legislation. Find out more about our services.

Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.