The Information Commissioners Office (ICO) has written to thousands of business to remind them that they need to pay the data protection fee, a charge payable by all organisations who process personal data, even sole traders, unless they are exempt. In addition, anyone who uses CCTV for crime prevention purposes will have to pay the data protection fee, even if they are an individual.
For most companies the fee is between £40 and £60 per year. For large companies it is £2,900. The fine for not paying it is £4,000. Last year the ICO issued approximately 550 fines to organisations who had not paid the data protection fee, as well as ‘naming and shaming’ them.
There are exemptions available and the ICO has a self-assessment tool on its website to help determine whether or not the fee is payable. The exemptions include circumstances where the personal data is only being processed for staff administration, accounts and records, or not-for-profit purposes. The ICO must still be told if you believe that an exemption applies and that the fee should not be payable. This can be done at www.ico.org.uk/no-fee. Failure to do so may mean that a fine is issued.
It also makes good business sense as it shows to your customers, clients and employees that you value and care about their personal data, and that you take your data protection responsibilities seriously. If an individual has an issue about how you have handed their personal data one of the first things they will do is to check the Data Controller register to see if you are registered. If you aren’t then it gives them immediate grounds to complain to the ICO, and given its current focus on ensuring the data protection fee is paid, it is almost certainly something it will choose to investigate further.
For further specialist advice about whether you need to pay the data protection fee, or on any other aspect of GDPR and data protection please contact Joanna Sutton on 0345 646 0406 or fill in our online enquiry form.