The ICO is currently actively contacting organisations they believe to be processing personal data that are not already registered on the ICO's register of fee payers. Every organisation or sole trader who processes personal information must pay a data protection fee to the ICO unless they are exempt. The potential consequence of not paying this fee or paying the wrong fee is a fine of up to £4,350.
Exemptions apply to organisations who are only processing data for one or more of the following:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
- Processing personal information without an automated system such as a computer
- Since 1 April 2019, Members of the House of Lords, elected representatives and prospective representatives are also exempt
If you do need to pay a fee, the size of this fee will be dependent on the size of your organisation, your type of organisation and annual turnover, with three different tiers of fee applying from £40 to £2,900. More guidance on which level of fee may apply to your organisation can be found on the ICO website.
If you are unsure on whether you need to pay a fee, the ICO also provides a self-assessment tool to help with this.