The ICO Data Protection Fee - Have you paid?
The Data Protection Fee
Since the Data Protection Act 2018 came into effect in May 2018, it is a legal requirement for businesses that are processing personal data to register with the ICO and pay a data protection fee unless they are exempt. To find out whether the fee applies, the ICO has a self-assessment procedure. The money collected from fees funds the ICO and its various advisory and investigative services. The ICO does not receive the revenue from any fines paid - these go back to central government. The fee level is determined by the size and turnover of each business and is set by one of 3 tiers ranging from £40 to £2,900 annually. Most organisations will only pay £40 or £60. The fee also applies to charities for which a flat rate of £40 applies.
The ICO is on the case
It may be that some businesses simply don't know about their requirement to register with the ICO and for others, they have simply ignored it or kept the item at the bottom of their 'to do' list. Regardless of the reason, you might be interested to read that in February 2019 the ICO published a list of 35 companies that were issued a Penalty Notice (PN) for non-payment of their Data Protection Fee. The figures for March, April and May are 45, 44 & 40 respectively (correct as at 17 August 2019). The lists can be found at ICO Penalty Notices for non-payment of registration fee. Please note that for privacy reasons the ICO does not include any sole traders or partnerships where individuals are identified. Neither do they publish the names of those organisations that appealed their PN, unless the appeal is withdrawn or the Tribunal decides that the PN should not have been issued.
I do not know why the listed businesses have been targeted but it serves as a useful reminder for businesses to check their status. The register of those businesses that have registered is public and is available on the ICO website. It follows that it's very easy to spot which businesses have not paid - of course some may have paid but are awaiting their certificate.
Check Your Status
If you are not sure, or you want to find out if you are liable for registration, I strongly advise you visit the ICO website to conduct your own registration self-assessment. As always, I am happy to advise members of the Norfolk Chamber of Commerce on data protection matters - just get in touch via datamardler.co.uk.
Phil Brown, CJ International Services Ltd operating under Norfolk's Data Protection Mardler