Since the outbreak of the COVID pandemic the Information Commissioners Office (ICO), like many Government departments, put a stay on the collection of the annual registration fees. But now they want what is due.
Every organisation who processes personal information needs to pay a data protection fee to the ICO, unless they are exempt. Historically, every business had to register with the ICO if they processed personal data such as personal particulars, national insurance, and date of birth details …although I never saw, nor heard, of any enforcement of this. With this registration came a fee.
Enforcement Letters and Current Obligations
Since the Data Protection (Charges and Information) Regulations were introduced in April 2018, individuals and organisations that process personal data need to pay a data protection fee to the ICO, unless they are exempt. You may not need to pay the fee if you can prove that you process personal information without an automated system, such as a computer. I would expect that this is a rarity now. Otherwise only judicial functions, those compiling public registers and members of the House of Lords have exemption.
Many of our customers in the manufacturing sector are reporting that they are starting to receive letters from the ICO chasing unpaid fees for this year, and for the period that they stopped chasing due to the coronavirus. Many are wondering if the demands for payment are legitimate. Well, I am afraid to say, they are. The ICO have said that demands for unpaid fees will roll out throughout all eligible sectors in the fullness of time.
The band of fees for registration are set in tiers between £40 and £2,900, depending on the number of employees and turnover. However, for most organisations the fee will be between £40 and £60 per year.
Details can be reviewed and updated, along with facilities for verifying and paying fees, and can be accessed here.
At the very least, ensure you have a legally compliant Data Protection Policy.
Employment Law Director