Should your company pay a data protection fee?
We are aware that the Information Commissioner’s Office (ICO) has been contacting companies to remind them of their legal obligation to pay a data protection fee.
The ICO has confirmed that the UK’s 4.2 million limited companies will receive letters sent to their registered office addresses making them aware of this obligation, which is mandatory for some data controllers.
While the notice implies that all registered companies should pay a data protection fee of £40, some companies will be exempt from this legislation.
Where the processing of data is solely to keep accounts, records of purchases, sales or other transactions, deciding whether to accept any person as a customer or supplier, or making financial or financial management forecasts, the business is likely to be exempt under the Schedule to the Regulations.
However, the ICO has posted on its website that “if you hold personal information for business purposes on any electronic device…it is likely an annual fee payment is due”.
To determine whether or not you are exempt, complete a short questionnaire on the ICO’s website here.
Please be aware that failure to pay the fee in circumstances where no exemption applies may attract a penalty of up to £4,350.