Paul Arnold, ICO Deputy Chief Executive explains to small businesses why they need to pay the data protection fee.
Businesses that process personal data have to pay a fee to the data
protection regulator, the Information Commissioner’s Office.
It’s the law to pay the fee, which funds the ICO’s work, but it also makes good business sense. Because whether or not you’ve paid the fee could have an impact on your reputation.
When you’ve paid, your business is published on our register of data controllers. Members of the public and other companies check that list before they decide to do business.
We speak to thousands of people and organisations every week and it’s clear that being on the register tells others a lot about you.
It’s a strong message for your customers – it lets them know that you value and care about their information and that you’re more likely to keep it secure and not share it inappropriately.
It also lets other organisations know that you run a tight ship and that you’re aware of your data protection obligations. It indicates that you’re more likely to take your other data protection responsibilities seriously too. It’s a reassurance for those thinking of doing business with you.
For most organisations, the fee is either £40 or £60 a year depending on your turnover and how many people you employ.
If you’re not sure whether you need to pay, you can check here.
There’s another good business reason to pay too. If you need to pay and don’t you will be fined. Fines range from £400 to £4,000 and since May, when the current law came into effect, we’ve issued 103 penalty notices to companies for failing to pay.
We publish a summary of this enforcement action which we will be sharing regularly through social media and in our e-newsletter. This will include publishing the names of organisations we fine on our website.
Paying the data protection fee is important because it funds our work providing advice and guidance about how to comply with the law. Things like our online guidance, our telephone helpline and our digital toolkits.
Fines do not fund the ICO. They are paid to HM Treasury.
We know that time is money, especially for a one-person business or a small organisation, so we’ve made it as easy as possible to pay. You can do this online and it only takes 15 minutes to complete the process.
If it avoids you paying a fine and protects your reputation, we think that is time well-spent.
Paul Arnold, Deputy Chief Executive Officer/Executive Officer is responsible for the ICO's internal support and compliance functions as well as our high volume customer services. Paul leads departments responsible for IT, Information Governance, Business Development and Change Management, Organisation Development and Customer Contact.