By law, under the Data Protection (Charges and Information) Regulations 2018, organisations that handle personal information electronically, such as people’s names and addresses, must register with the ICO and pay the annual data protection fee, unless they qualify for an exemption. The Information Commissioner’s Office (ICO) is the UK regulator for data protection.
The need to pay the fee is determined by how a firm uses personal information for work purposes. For example, if a company stores personal information on a computer or phone, they must check whether they need to pay the data protection fee. It is likely that companies using CCTV or dashcams will need to pay.
For those with 10 or fewer employees, the fee is currently £40 per year. It’s important to pay – if necessary – to avoid a fine.
To pay or check exemptions, members can use the ICO’s online self-assessment: ico.org.uk/fee-checker. It takes the user through some questions about how the firm uses data to determine whether payment is required.
The data protection fee funds the ICO’s work, which includes providing practical tools that help organisations to use people’s information confidently and responsibly.
For more information about the fee, read the ICO’s frequently asked questions on its website: ico.org.uk/dpfee-faq.
