Following the introduction of the GDPR and the Data Protection Act 2018, many clients have been asking, "Do I need to pay the Data Protection Fee to the ICO?"

Firstly - some of our clients have received an email from the ICO and have considered it a scam - undoubtedly, there will be some scams out there, but in general, the Data Protection Fee is now a requirement. Please do head over to the GOV website here to learn more: https://www.gov.uk/data-protection-register-notify-ico-personal-data

In general, if you are processing personal data in person or via your website, you must pay the data protection fee to the ICO. The amount you are required to pay depends on several factors, such as the number of staff and your annual turnover. For most UK companies, the annual fee is either £40 or £60.

The ICO has developed a self-assessment tool to help determine whether you need to pay a fee. There are some exemptions to this fee requirement. Currently, a Government consultation is underway to review who should be exempt from paying these fees.

Under the current guidelines, you do not need to pay a fee if you only process personal data for specific "core business" purposes, such as employee administration, advertising and maintaining records (among other reasons). This could apply to small businesses that only process personal data as part of their primary business activities. However, if you are controlling and processing personal data for other purposes, you will likely need to pay the fee.

Once registered, the ICO will publish some limited information. The maximum penalty for failing to pay the required fee is £4,350. Therefore, it is important to complete the assessment to determine if you need to pay the fee or if your fee needs to be renewed soon.

If you are our client already, please feel free to contact our team if you have any questions about your website.