Information Commissioner's Office
Blog: Show you mean business by paying the Data Protection Fee
Paul Arnold, ICO Deputy Chief Executive explains to small businesses why they need to pay the data protection fee.
Businesses that process personal data have to pay a fee to the data protection regulator, the Information Commissioner’s Office.
It’s the law to pay the fee, which funds the ICO’s work, but it also makes good business sense. Because whether or not you’ve paid the fee could have an impact on your reputation.
When you’ve paid, your business is published on our register of data controllers. Members of the public and other companies check that list before they decide to do business.
We speak to thousands of people and organisations every week and it’s clear that being on the register tells others a lot about you.
It’s a strong message for your customers – it lets them know that you value and care about their information and that you’re more likely to keep it secure and not share it inappropriately.
It also lets other organisations know that you run a tight ship and that you’re aware of your data protection obligations. It indicates that you’re more likely to take your other data protection responsibilities seriously too. It’s a reassurance for those thinking of doing business with you.
For most organisations, the fee is either £40 or £60 a year depending on your turnover and how many people you employ.
If you’re not sure whether you need to pay, you can check here.
There’s another good business reason to pay too. If you need to pay and don’t you will be fined. Fines range from £400 to £4,000 and since May, when the current law came into effect, we’ve issued 103 penalty notices to companies for failing to pay.
We publish a summary of this enforcement action which we will be sharing regularly through social media and in our e-newsletter. This will include publishing the names of organisations we fine on our website.
Paying the data protection fee is important because it funds our work providing advice and guidance about how to comply with the law. Things like our online guidance, our telephone helpline and our digital toolkits.
Fines do not fund the ICO. They are paid to HM Treasury.
We know that time is money, especially for a one-person business or a small organisation, so we’ve made it as easy as possible to pay. You can do this online and it only takes 15 minutes to complete the process.
If it avoids you paying a fine and protects your reputation, we think that is time well-spent.
Paul Arnold, Deputy Chief Executive Officer/Executive Officer is responsible for the ICO's internal support and compliance functions as well as our high volume customer services. Paul leads departments responsible for IT, Information Governance, Business Development and Change Management, Organisation Development and Customer Contact.
Latest News from
Information Commissioner's Office
ICO fines Vote Leave £40,000 for sending unlawful text messages20/03/2019 09:10:00
The Information Commissioner’s Office (ICO) has fined Vote Leave Limited £40,000 for sending out thousands of unsolicited text messages in the run up to the 2016 EU referendum.
A call for participation: Building the ICO’s auditing framework for Artificial Intelligence19/03/2019 16:10:00
Blog posted by: Simon McDougall, 18 March 2019.
Two Birmingham workers fined for data protection breaches19/03/2019 12:20:00
Employees could face a criminal prosecution if they access or share personal data without a valid reason, the Information Commissioner’s Office has warned.
ICO raids businesses in Brighton and Birmingham suspected of making millions of nuisance calls13/03/2019 09:10:00
The Information Commissioner’s Office (ICO) has searched two addresses as part of an investigation into businesses suspected of making live and automated nuisance calls.
International Conference of Information Commissioners 201912/03/2019 09:10:00
Elizabeth Denham's opening address given yesterday to the International Conference of Information Commissioners.
Blog: Adtech fact finding forum shows consensus on need for change08/03/2019 16:20:00
There’s a well-quoted line from Steve Jobs, that as Apple CEO he didn’t employ smart people to tell them what to do, but so that they could tell him what to do.
Blog: Why the right of access to patient data needn’t be a headache for GPs08/03/2019 13:20:00
Blog posted by: Jovian Smalley, Group Manager – Engagement (Public Services), 07 March 2019.
Organisations should be doing more to achieve privacy accountability06/03/2019 09:10:00
The Global Privacy Enforcement Network's (GPEN) annual intelligence gathering operation looked at how well organisations have implemented the core concepts of accountability into their own internal privacy policies and programmes.