In the last couple of months, we’ve been made aware of multiple businesses we work with receiving letters from the Information Commissioner’s Office (ICO), reminding them of their legal obligation to pay a data protection fee.
At first glance, it can look like these letters are a scam, especially in a world where we’re constantly bombarded with junk emails, con artists asking for money and digital fraud. We’re urged to be extremely careful.
But we can confirm these letters are real and legitimate from the ICO.
They have confirmed themselves that they sent letters to the UK’s 4.2 million limited companies at their registered offices.
What is the ICO?
The ICO is the Information Commissioner’s Office, and they are responsible for overseeing information rights in the UK. In practice, that means they monitor how information is used by organisations all around the country, in an effort to protect individuals’ rights.
Remember all the GDPR and data protection legislation from a couple of years ago? Well, the ICO is the UK’s independent body tasked with enforcing that. The legislation all still applies in the UK, despite leaving the EU.
Does my company need to pay a data protection fee?
If you handle any kind of personal data electronically, then it’s very likely your company will need to pay a data protection fee.
That includes names, email addresses, physical addresses and IP addresses.
The ICO says:
“Every organisation or sole trader who processes personal information needs to pay a data protection fee to the ICO, unless they are exempt.”
It adds that: “if you hold personal information for business purposes on any electronic device…it is likely an annual fee payment is due”.
What is the cost of the data protection fee?
The cost of the data protection fee depends on the size of your organisation and your annual turnover. For most SME businesses, it will be between £40 and £60.
You can see exactly how much your organisation will owe each year here.
Who is exempt?
If your business processes data solely to keep accounts, records of purchases, sales or other transactions, deciding whether to accept any person as a customer or supplier or making financial or financial management forecasts – then it may be exempt.
But if you use that data for any kind of marketing, then you will still need to pay the data protection fee.
If you don’t store any data digitally – just hard copies – you may be exempt too.
The best way to see if you may be exempt or not is to take the short self-assessment quiz here.
It’s easy to pay for your data protection fee online, but if you have any queries at all, please do not hesitate to get in touch.
It’s also important to note that failure to pay the fee – when you’re not exempt – could result in a penalty of up to £4,350.