If you do need to pay, the online form will ask for your sector. You can choose, but are not limited, to:
- Education and Childcare, Training Company, Training Company
- Charitable and Voluntary, National Charity, Citizens Advice Bureau
- Local Government, Representative and Arm’s Length Body, Fire Service
- Membership Association, Club, Club/Society (Charitable)
- Membership Association, Club, Membership Club (Commercial)
- Social Care, Social Services, Community Rehabilitation Company
- Social Care, Social Services, Independent Social Worker
- Social Care, Domiciliary Care, Domiciliary Care
- Social Care, Residential Care
- General Business, Business Advice and Consultancy, Consultant
- General Business, Security, Security Company/Provider
- General Business, Supplier of services, Other
Frequently asked questions
I have CCTV on my business premises for crime prevention reasons – do I need to pay a fee?
Yes. Images of people caught on camera is their personal data. If you record these images to prevent crime, and crime prevention is not the purpose of your business, then you need to pay.
I operate a security system service where I install, repair and monitor security equipment such as CCTV for my clients. Do I need to pay a fee?
Yes, you are required to pay a data protection fee if you provide a monitoring service. However, if you only install and repair the equipment you are not required to pay a fee. It is the responsibility of the organisation where you have installed the security equipment to determine if they are required to pay a fee.
Does a fire, security and rescue company need to pay?
If you are providing consultancy, training and monitoring of alarm systems and CCTV which includes personal information, you would be required to pay a fee.
If you are providing a service, such as a fire risk assessment service which includes processing personal information, you are required to pay a fee.
If you have CCTV for the purpose of crime prevention on or in the premises this would require your company to pay the fee.
I offer training – do I need to pay?
Yes, if you are providing advice and creating bespoke training solutions to suit the client which includes personal information, you would be required to pay a data protection fee.
I am a tutor – do I need to pay?
If you have set up a company and keeping educational records on your students’ progress this would require a data protection fee.
You are not required to pay a fee if your company is only for the purpose of your own accounts and payments.
Does a company offering healthcare, supported living, educational and other social services need to pay a fee?
If you provide any of these services to individual clients you would be required to pay a fee.
We are a housing association – do we need to pay?
Yes, just like other types of rental and letting agents the data you are processing; such as rental agreements and payments and maintenance requests, would require a fee to be paid.
We are a society/association and we hold information about our members – do we need to pay?
The administration of membership records is not an exempt purpose for processing personal data and would require a fee to be paid.
However if you are set up as a not-for-profit organisation, please take our self-assessment tool to see of you are required to pay the fee.
If you have CCTV for the purpose of crime prevention on or in the premises this would require your company to pay the fee.
How do I know if my company can claim the not-for-profit exemption – we don’t make a profit?
To meet the criteria for the not-for-profit exemption the organisation must:
- be established as a not-for-profit organisation, which may be stated in your constitution/articles
- only process information necessary to establish or maintain membership or support
- only process information necessary to provide or administer activities for people who are members of the organisation or have regular contact with it
- only hold information about individuals whose data you need to process for this exempt purpose
- the personal data you process is restricted to personal information that is necessary for this exempt purpose
- only keep the information while the individual is a member or supporter or as long as necessary for member/supporter administration
The organisation would not be exempt:
- if you are responsible for CCTV
- if you provide additional services outside of the organisations aims/objectives that can’t be covered by the other exemptions
- if you trade and share in personal data
My organisation is a registered charity – do I need to pay?
This would depend on what personal data you were processing and why. A registered charity would only pay the lowest fee tier of £40. Our self-assessment tool will help you determine if you are required to pay a fee.
We are a community interest company – do we need to pay?
Community interest company’s are unlikely to able rely on the not-for-profit exemption and you must determine which level of fee you are required to pay.
You can complete the self-assessment tool to determine this.
I offer consultancy services – do I need to pay?
Yes, providing consultancy and advisory services to individuals or partnerships, is not an exempt purpose of processing personal data and you would be required to pay a fee.
My company is dormant – do I need to pay?
It depends. If your business is dormant and you are not processing personal data electronically, then you’re not required to pay the fee.
However, some businesses and professionals are required to retain some personal data after they cease trading or practicing, as required by industry guidelines. If this applies to you then you probably will need to pay.
Please visit our self-assessment tool to check.
I’m unsure if I am data controller or a data processor – how do I determine this?
It is essential for organisations involved in the processing of personal data to be able to determine whether they are acting as a data controller or as a data processor in respect of the processing. This is particularly important in situations such as a data breach where it will be necessary to determine which organisation has data protection responsibility.
You may find the following guidance useful:
To determine whether you are a data controller you need to ascertain which organisation decides:
- to collect the personal data in the first place and the legal basis for doing so;
- which items of personal data to collect, i.e. the content of the data;
- the purpose or purposes the data are to be used for;
- which individuals to collect data about;
- whether to disclose the data, and if so, who to;
- whether subject access and other individuals’ rights apply i.e. the application of exemptions; and
- how long to retain the data or whether to make non-routine amendments to the data.
We can only provide guidance and advice, ultimately it is the Data Controllers decision as to whether a registration is needed.
I have received a letter for one of my companies, however, I have a group of companies. Can I do a group registration?
It isn’t possible to have a group entry on the public register of data protection fee payers. Each individual company, if it is a data controller and a separate legal entity e.g. has a separate companies house number, would be required to pay a data protection fee unless an exemption applies.
I have a dashcam on my business vehicle – do I need to pay the fee?
If you have a dashcam that you use for work purposes on a vehicle that you use for work – even if you own the vehicle - then you will need to pay a data protection fee. Again, images of people recorded on camera – even when in their cars - will be their personal data.
More information
There is more information about the data protection fee on our website.
There is also lots of information for sole traders and smaller businesses on our SME web hub, to help you understand data protection and how it can help you safely make the most out of the personal data you hold.