Notice from ICO for Data Protection Fee. What To Do?

In the past few days, I have entertained several people over phone call and in-person over a notice from ICO. Most of these people are either entrepreneurs for start-ups, small business owners or stakeholders from a limited company. Some of the most questions that they have asked me are – Why have I received this letter? Is my business required to pay data protection fee? I don’t even know what this tax is about? And so on. In case you are not aware of what Data Protection Fee, click here a detailed explanation.

But before we dig into this situation first let’s know about who is Information Commission’s Office (ICO)?

ICO is an independent body setup in the UK to uphold information rights in the interest of general public. The body offers an assurance that individual data of people are not misused by commercial bodies.

Now coming back to the pressing issue. Let’s suppose that you have received a notice from ICO that looks something like this:

iCO Data Protection

So, why did I receive Data Protection Fee notice from ICO?

The ICO has absolute authority to write to any registered entity where they believe that data protection fee is due. The fee is charged as a compliance with GDPR Regulations (UK).

You can deal with this situation by following any one of the mentioned below:

  • Making the due payment for 2019-20
  • Setting up a rolling annual payment through Direct Debit payment
  • Telling ICO that you are exempted

How much do I need to pay?

The applicable fee directly depends on the size and turnover of the entity. There are a total of 3 tiers and the range varied from £40 and £2,900. In case you want to know about the tiers, here they are:

Tier 1 – Data protection fee is £40. Size of the organization should not be more than 10 employees (also known as micro organization) and annual turnover to be within £6,32,000.

Tier 2 – Data protection fee is £60. Size of the organization should not be more than 250 employees and annual turnover to be within £36 million.

Tier 3 – Data protection fee is £2,900. This is applicable to any organization who doesn’t fall in Tier 1 and Tier 2.

Exception to the above-mentioned are:

  • Small occupational pension schemes
  • Charities

These organization pay £40 as fee, irrespective of their size.

Not sure if you need to pay a fee to the ICO? What Should I do?

The very first step that you should take is check your eligibility. Visit: ico.org.uk/fee-checker to find if you are actually required to pay data protection fee.

I am exempted, what should I do next?

Simply fill an online form that will tell ICO that you are not required to pay any fee: ico.org.uk/no-fee

What if I am required for fee payment?

If the fee checker portal shows that you are eligible to pay data protection fee, then visit: ico.org.uk/fee and pay the required fee. For first time users, the portal will request you to register with them and payment can be made through debit or credit card.

In case you face any problems during the process, feel free to dial the ICO official helpline number: 0303 123 1113.

Don’t ignore the notice

A client of mine asked me yesterday what would happen if he finds out that he is liable to pay data protection fee and still he chooses not to pay. I suggested him to clear his thoughts and do the needful as failure to pay the mentioned fee will attract a penalty upto£4,350.

Look out for Scams?

Last, but not the least, be aware of the scams that are going on. If you receive any notice or any form of communication stating that it is from ICO in respect of fee, then first verify the same on their official website – https://ico.org.uk. If the mentioned information is same as in the notice or communication, then go ahead and do the needful. If not, then ignore.

Authored by Rajiv Singh, ACA, FAIA