Do we need to pay the ICO Data Protection Fee?

Have you had a letter from the ICO about the data protection fee? Have you carried out a self-assessment to see if you should be paying the fee? Read our latest blog to learn more about an area of data protection that can come as a surprise to business owners.

The Information Commissioners Office (ICO) is the UK’s independent body set up to uphold information rights. Right through this series of blogs we have talked about the safeguards that are put in place to protect the personal data of individuals as they interact with organisations who hold and process information. 

The ICO is the body that manages the standards set by Parliament. As part of that it maintains a register of data controllers who have paid the often-nominal fee to join. This register of data controllers currently comprises more than 1 million companies.

The ICO is in the process of contacting businesses who don’t appear to make them aware of their responsibility to join the register unless they are exempt. Exemptions are very clear and include staff administration, accounts and records, not-for-profit purposes, personal, family or household affairs, or if you process personal information without an automated system such as a computer. 

This is not an exhaustive list and the ICO produce a very useful self-assessment tool which you can find here

As the guidance around some activities like advertising, marketing and public relations are a little unclear, this tool will tell you if your activities require you to pay the fee. Being exempt from the fee does not mean you are exempt from complying with the requirements of UK GDPR and the Data Protection Act (2018).

The data protection fee supports the work of the ICO, particularly in their dedicated advice service for small organisations. The ICO offer a range of toolkits and checklists on their data protection hub that help sole traders, SME’s, small schools, charities, or town councils understand and comply with their data protection obligations.

On their website the ICO say “This is a pivotal time for data protection and privacy and the ICO’s work as the UK’s information rights regulator has never been more relevant.” 

As we are all individuals whose personal data is increasingly widely used to support our lives online it is in our interests to ensure that the ICO’s work is supported. As business owners and managers joining the register of data controllers demonstrates that you are committed to complying with the regulations. 

This supplements the internal work of your Data Protection Officer (DPO), and the publicly available Privacy Notice. The ICO has a helpful guide to the data protection fee which you can find here

Paying the data protection fee is a legal obligation. The requirements to comply with personal data protection legislation are clear, and the work of the ICO is a key aspect of the legislation.

CSRB can help you manage and protect data responsibly while taking the jargon out of the process. Contact us here or call 0117 325 0830 to learn more about how we can bring clarity to your data management processes.