Why have I received an ICO fee letter?

In 2019, we launched a campaign to remind small companies and SMEs of their legal responsibility to pay a data protection fee.

If you have received a letter from the ICO, we hope this came as a useful reminder that you need to either pay your fee or let the ICO know you are exempt, so we can update our records. If you are not sure if you are exempt, you can take an online self-assessment.

Why do I have to pay?

It is the law to pay the fee, which funds the ICO’s work, but it also makes good business sense. Whether or not you have paid the fee could have an impact on your reputation. Paying the fee and being listed on the ICO’s register of fee payers shows that your company take data protection seriously. It is a strong message for your customers – it lets them know that you value and care about their information. It also lets other organisations know that you run a tight ship.

Most companies will only need to pay £40 or £60 a year. For large organisations the fee is £2,900.

If you need to pay and do not pay, you could be fined. Between July and December 2019, we issued 554 monetary penalties to organisations that have not paid the data protection fee.

What do I need to do?

If you received a letter you should act now:

  1. if you need to pay, visit ico.org.uk/fee and click ‘first time payment’ if you have not registered with the ICO before, or ‘renew’ if you have registered before. You must complete the online application before sending your payment. It takes about 15 minutes. You can save time, hassle and money each year by setting up a Direct Debit, which deducts £5 from your fee; or
  1. if you do not need to pay, complete the form at ico.org.uk/no-fee to let the ICO know why your company is exempt from paying the fee.

What do I get if I pay the data protection fee?

The fee funds the ICO’s data protection work. This includes a helpline for organisations who need advice about their data protection obligations as well as the ICO’s website, which contains a range of guidance setting out how to comply with the GDPR, and many tools and resources to help you help yourself in relation to data protection.