Do you need to pay the ICO data protection fee?

The Information Commissioner's Office (ICO) is reminding start-ups and SMEs they might need to register and pay the data protection fee

The ICO is the UK's data protection regulator. Under the Data Protection (Charges and Information) Regulations 2018, organisations that handle personal information electronically, such as people's names and addresses, must register with the ICO and pay an annual data protection fee, unless exempt.

Whether you need to pay the fee depends on how your organisation uses personal information for work purposes. For example, if you store personal information on a computer or phone, you must check if the fee applies. If you use CCTV or dashcams, you will likely need to pay.

For those with 10 or fewer employees, the fee is currently £40 per year. It's important to pay if you need to, to avoid a fine.

How do I pay or check if I'm exempt?

To pay or check if you're exempt, you can use the ICO's online self-assessment. It will guide you through some questions about how your organisation uses data to determine whether you need to pay.

Why is there a data protection fee?

The data protection fee funds the ICO's work, which includes providing practical tools that empower organisations to use people's information confidently and responsibly. For more information about the fee, read the ICO's frequently asked questions on their website.

Data protection support and resources

The ICO offers guides, tools, and checklists to help businesses and organisations handle personal data confidently and comply with data protection law. You can access these on the ICO's web hub for small organisations.

First published 8 October 2024