In the last couple of months, we’ve been made aware of multiple businesses we work with receiving letters from the Information Commissioner’s Office (ICO), reminding them of their legal obligation to pay a data protection fee.

At first glance, it can look like these letters are a scam, especially in a world where we’re constantly bombarded with junk emails, con artists asking for money and digital fraud. We’re urged to be extremely careful.

But we can confirm these letters are real and do come from the ICO.

The ICO has itself confirmed that it sent letters to the UK’s 4.2 million limited companies at their registered offices.

What is the ICO?

The ICO is the Information Commissioner’s Office, and they are responsible for overseeing information rights in the UK. In practice, that means they monitor how information is used by organisations all around the country, in an effort to protect individuals’ rights.

Remember all the GDPR and data protection legislation from a couple of years ago? Well, the ICO is the UK’s independent body tasked with enforcing that. The legislation all still applies in the UK, despite the UK leaving the EU.

Does my company need to pay a data protection fee?

If you handle any kind of personal data electronically, then it’s very likely your company will need to pay a data protection fee.

That includes names, email addresses, physical addresses and IP addresses.

The ICO says:

“Every organisation or sole trader who processes personal information needs to pay a data protection fee to the ICO, unless they are exempt.”

It adds that: “if you hold personal information for business purposes on any electronic device…it is likely an annual fee payment is due”.

What is the cost of the data protection fee?

The cost of the data protection fee depends on the size of your organisation and your annual turnover. For most SME businesses, it will be between £40 and £60.

You can see exactly how much your organisation will owe each year here.

Who is exempt?

If your business processes data solely to keep accounts, records of purchases, sales or other transactions, deciding whether to accept any person as a customer or supplier or making financial or financial management forecasts – then it may be exempt.

But if you use that data for any kind of marketing, then you will still need to pay the data protection fee.

If you don’t store any data digitally – just hard copies – you may be exempt too.

The best way to see if you may be exempt or not is to take the short self-assessment quiz here.

It’s easy to pay for your data protection fee online, but if you have any queries at all, please do not hesitate to get in touch.

It’s also important to note that failure to pay the fee – when you’re not exempt – could result in a penalty of up to £4,350.


Suzanne Preston
