Many businesses are currently being contacted by the ICO about a data protection fee – in this blog, we explain what it is and who needs to pay.
New data protection regulations came into force in May 2018, requiring every organisation or sole trader who processes personal information to pay a data protection fee to the ICO (unless they are exempt). So we ask: What is data protection? Why is there a fee? And who has to pay it?
Data protection explained
The ICO are the regulatory body for data protection within the UK. In the ICO’s words, data protection is about ensuring people can trust you to use their data fairly and responsibly. If you collect information about individuals for any business purpose, you need to comply.
Nearly all businesses and sole traders will be acting as ‘data controllers’, deciding how and why to collect personal data. The data controller is responsible for making sure data is processed legally. Almost anything you do with data counts as processing, including collecting, storing, using and even deleting.
You can read more about data protection on the ICO website.
The fee explained
The data protection fee is used by the ICO to fund their work, and has been set by Parliament. Nearly all businesses and sole traders will be required to pay a fee; there are very few exemptions. All exemptions are listed here.
The fee ranges from £40 to £2,900 depending on your company size and turnover, split into 3 tiers:
- Tier 1 (£40) – micro organisations with a maximum turnover of £632,000 for your financial year OR no more than 10 members of staff
- Tier 2 (£60) – SMEs with a maximum turnover of £36 million for your financial year OR no more than 250 members of staff
- Tier 3 (£2,900) – large organisations who do not meet the criteria for Tiers 1 and 2
Note that ‘members of staff’ includes those based in the UK and overseas, and a part time worker still counts as one member of staff. If you’ve been going through change, work out an average (calculate the number of staff you had in each month of your financial year, add all 12 totals together, then divide by 12).
There are some exceptions:
- Public authorities do not need to take turnover into account – they categorise themselves by staff numbers only
- Charities and small occupational pension schemes that are not otherwise subject to an exemption only ever need to pay the Tier 1 fee, regardless of size or turnover
You can check what fee you need to pay using the ICO’s short self-assessment.
The maximum penalty for not paying the fee is £4,350 – any money received in fines is passed directly to the government.
Check if you need to pay
Use the ICO’s self-assessment to work out what you need to pay – it shouldn’t take more than 5 minutes.
You’ll also find some useful FAQs on the ICO website, which may help answer any more specific questions you have. And of course if you’re a Warr & Co client, feel free to get in touch with your accountant for further advice.