Have you paid the data protection fee?

22 October 2018

Alongside the implementation of the GDPR in May 2018, organisations and sole traders who process personal data are now required to pay an annual data protection fee to the Information Commissioners Office (“ICO”) unless they are exempt. The fee replaces the old registration scheme and is intended to fund the work carried out by the ICO.

There are three tiers of fee: £40, £60 and £2,900. The fee you pay will depend on your annual turnover and how many members of staff you have. Relevant factors also include whether you are a public authority, a charity or a small occupational pension scheme. Most SMEs will pay £60.

Businesses are exempt from paying the data protection fee if they are processing personal data only for one (or more) of the following purposes:

  • Staff administration
  • Advertising, marketing and public relations
  • Accounts and records
  • Not-for-profit purposes
  • Personal, family or household affairs
  • Maintaining a public register
  • Judicial functions
  • Processing personal information without an automated system such as a computer

The ICO recently announced that it was starting to take action against businesses that have not yet paid the data protection fee. Therefore, if you have not already paid the fee, you should do so as soon as possible. The exception to this is if you are already registered with the ICO, in which case you do not have to pay the fee until your registration is up for renewal.

To assess whether you have to pay the data protection fee, and how much, please see the ICO website.

By Michelle Tudor

For further advice on the above topics, please call us on 01483 543210 or alternatively email

Back To Related Content