All businesses (including sole traders and partnerships) that process personal data are required to pay an annual data protection charge to the Information Commissioner’s Office (ICO) unless a relevant exemption applies. It is a legal requirement to pay the charge, and failure to do so could result in a fine, but it also makes good business sense as it could have an impact on your business reputation. Once you have paid, your business details are published on the Information Commissioner’s register of data controllers.
There are three levels of charge payable:
1. Micro organisations (including sole traders) pay £40;
2. Small and medium organisations pay £60; and
3. Large organisations pay £2,900.
Payments made by direct debit will automatically receive an annual £5 deduction.
In order to determine if payment is necessary, you can use the self-assessment tool on the ICO website. It is also important to make sure you are paying the correct level of charge – the charge-assessment tool will indicate the level you are required to pay.
If you are a data controller and do not pay the charge, or you pay the incorrect charge when required to do so, then you risk enforcement action by the ICO. The maximum fine is £4,350.