Is ICO asking you to pay data protection registration fee?

We have unsolicited legal advice for you:) Still, we are convinced that it will be practical. Otherwise, we would not be writing this.

If you have a company in the UK, you may have been contacted by the Information Commissioner’s Office (ICO). The ICO is increasingly contacting companies, demanding that they pay an annual “data protection registration fee”. Is this request genuine, and do you have to pay? Could it be a scam? What are the consequences if you ignore this letter?

Let us answer the main questions. If you need more information, we will gladly help with a consultation.

What is ICO?

The ICO is an independent UK authority established to protect the privacy of UK residents. The ICO plays a crucial role in enforcing data protection legislation in the UK. It has the power to hold companies accountable and encourage them to use personal data responsibly.

What is the data protection registration fee from ICO?

The relatively recent data protection legislation (UK GDPR, DPA 2018) contains strict rules on the processing of personal data. The administration and implementation of this legislation cost some money for the ICO. As a result, a data protection registration fee has been introduced in the UK to fund the ICO’s work.

UK law imposes a duty on businesses that are data controllers within the meaning of UK privacy law to pay the ICO a data protection registration fee annually. Otherwise, you must inform the ICO that your business does not meet the criteria.

Could this ICO claim be a scam?

Paying the ICO’s data protection registration fee is not a scam. But, as with any other scheme, there are scammers who will be happy to turn something honest into an opportunity to rob you of your money. So be vigilant.

If you receive a letter with an attachment, text message, email, or phone call that appears to be from an ICO, do not rush to open it and respond. We recommend looking for information about the ICO fee on the official ICO portal at the following link: https://ico.org.uk/for-organisations/data-protection-fee/.

What is the amount of the data protection registration fee?

The amount you need to pay to the UK supervisory authorities depends on the size of your business and annual turnover. The fee ranges from £40 to £2’900.

How do we know whether we must pay the data protection registration fee?

Every organisation or individual operating in the UK that processes personal data for their own purposes (a “data controller”) must register with the ICO and pay the fee. You are not required to pay and register if you fall within the exemption (for example, if you only process data for record-keeping, HR administration, advertising, or non-commercial purposes). But even if you don’t need to register with the ICO, you must apply for a fee exemption. Otherwise, the ICO will send you letters threatening to fine you.

If you are unsure whether you need to register and pay a fee, we recommend using the ICO’s online registration self-assessment tool. The self-assessment tool will guide you through a series of questions to determine if and how you use the data. If you are still not 100% sure whether you need to pay, please contact us, and we will help you figure it out.

What happens if we do not pay the data protection registration fee?

If, by all indicators, you are obliged to pay the data protection registration fee, but you choose not to, you can be fined up to £4’000. Between May 2021 and June 2022, the ICO imposed 126 fines on organisations for failing to pay such a fee.

***

For more information on the registration process and practical advice on paying the fee, please contact us. We will be happy to assist you and provide detailed instructions and advice.