Information Commissioner’s Office explains why small businesses need to pay the data protection fee

The ICO explains that businesses are obliged to pay the fee by law, but that it also “makes good business sense” as it could have an impact on the business’s reputation.

Once the fee has been paid, the business is published on the ICO’s register of data controllers and members of the public and other companies check that list before they decide to do business.

The ICO says that it speaks to “thousands of people and organisations every week” and it is clear that being on the register is “a strong message for your customers”. In the ICO’s experience, it lets customers know that the business values and cares about their information and that the business is more likely to keep it secure and not share it inappropriately.

The ICO says that it also lets other organisations know that the business runs “a tight ship” and is aware of its data protection obligations.

For most organisations, the fee is either £40 or £60 a year depending on turnover and how many people are employed.

The ICO also reminds businesses that failure to pay can lead to a fine. Fines range from £400 to £4,000 and since May 2018, when the current law came into effect, the ICO has issued 103 penalty notices to companies for failing to pay. To read the ICO’s press release in full, click here.