We’ve been made aware of multiple businesses we work with receiving letters from the Information Commissioner’s Office (ICO), reminding them of their legal obligation to pay a data protection fee.
the last couple of months, we’ve been made aware of multiple businesses we work
with receiving letters from the Information Commissioner’s Office (ICO),
reminding them of their legal obligation to pay a data protection fee.
first glance, it can look like these letters are a scam, especially in a world
where we’re constantly bombarded with junk emails, con artists asking for money
and digital fraud. We’re urged to be extremely careful.
we can confirm these letters are real and legitimate from the ICO.
have confirmed themselves that they sent letters to the UK’s 4.2 million limited
companies at their registered offices.
is the ICO?
The ICO is the Information Commissioner’s Office, and they are responsible for overseeing information rights in the UK. In practice, that means they monitor how information is used by organisations all around the country, in an effort to protect individuals’ rights.
all the GDPR and data protection legislation from a couple of years ago? Well
the ICO is the UK’s independent body tasked with enforcing that. The
legislation all still applies in the UK, despite leaving the EU.
my company need to pay a data protection fee?
you handle any kind of personal data electronically, then it’s very likely your
company will need to pay a data protection fee.
includes names, email addresses, physical addresses and IP addresses.
organisation or sole trader who processes personal information needs to pay a
data protection fee to the ICO, unless they are exempt.”
adds that: “if you hold personal information for business purposes on any
electronic device…it is likely an annual fee payment is due”.
What is the cost of the data protection fee?
cost of the data protection fee depends on the size of your organisation and
your annual turnover. For most SME businesses, it will be between £40 and £60.
If your business processes data solely to keep accounts, records of purchases, sales or other transactions, deciding whether to accept any person as a customer or supplier or making financial or financial management forecasts – then it may be exempt.
if you use that data for any kind of marketing, then you will still need to pay
the data protection fee.
you don’t store any data digitally – just hard copies – you may be exempt too.