The ICO has launched a campaign to contact all registered companies in the UK reminding them of their legal responsibility to pay a data protection fee. The move marks the start of an extensive programme to make sure the Data Protection Fee is paid by all those who need to pay it.
The ICO reminds readers that under the Data Protection Act 2018 organisations that process personal information are required to pay a data protection fee unless they are exempt. You can quickly and easily find out if your organisation needs to pay the fee by using the ICO’s self-assessment checker, but if you hold personal information for business purposes on any electronic device, including using CCTV for crime prevention purposes, it is likely an annual fee payment is due.
The ICO says that companies can avoid a contact from the ICO by either:
- visiting the ICO website to pay the organisation’s Data Protection Fee online; or
- completing this an online form to tell the ICO why the organisation is exempt from paying the fee.
Since the new annual data protection fee was introduced in May 2018, over 600,000 organisations have registered to pay it. At the same time, between 1 July and 30 September 2019, the ICO has issued 340 monetary penalties to organisations that have not paid the data protection fee.
The ICO reminds readers that, as well as naming most organisations it fines, it also publishes the names of all fee-paying organisations. The ICO says that this helps make it clear to their customers, clients and suppliers that those organisations are aware of their legal obligations when processing personal information.
The cost of the data protection fee depends on a company’s size and turnover. There are three tiers of fee ranging from £40 and £2,900. To read the ICO’s blog post in full and for links to further relevant information, click here.