The Data Protection Fee – to pay or not to pay?

Way back in May 2018 the Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations) came into force, changing the way the Information Commissioner’s Office funds their data protection work.

Under the 2018 Regulations organisations that determine the purpose for which personal data is processed (controllers) must pay a data protection fee unless they are exempt.  

This “new” data protection fee replaced the requirement to ‘notify’ (or register), which was in the Data Protection Act 1998.  Some of you should have, and may have, paid this fee in recent years.

Although the 2018 Regulations have been in effect for a while now, this doesn’t mean everyone now has to pay the fee.

You may or may not need to pay the Data Protection Fee

The ICO have a very good guide and self assessment tool which will advise if you need to pay the fee.  We encourage all businesses to undertake this 5 minute test – you can access it here.  Question 7 is the most time consuming and may need some thought or justification, do make a note of any rationale you have used to tick the boxes in case the ICO come knocking at any point in the future, and ask why you didn’t pay the fee – if that’s what you decide to do.

Do contact us if you have any questions about this fee or about your Data Protection compliance in general.  You may also be interested in this blog:

Does your Privacy Policy dop what it should?

We have over 35 years experience in Data Legislation, Data Management and Data Protection.  If you would like to find out more about how we help businesses with their Data Protection compliance please email us or call us on 01635 592020.