The Data Protection Fee: does your company need to pay?

The Information Commissioner’s Office (ICO) has launched a campaign to contact all registered companies in the UK reminding them of their legal responsibility to pay a data protection fee.

Under the Data Protection Act 2018 organisations processing personal information are required to pay a data protection fee unless they are exempt.

The cost of the data protection fee depends on a company’s size and turnover. There are three tiers of fee ranging from £40 and £2,900, but for most organisations it will be £40 or £60. The cost is reduced by £5 if you sign up by direct debit.

Use this self-assessment tool to check to see if you need to pay anything but if you hold personal information for business purposes on any electronic device it is likely that an annual fee payment is due.

Since the new annual data protection fee was introduced in May 2018, over 600,000 organisations have registered to pay it, giving them access to the range of services and support provided by the ICO to help them to comply with the law and give their customers, clients and suppliers trust and confidence in the way they process personal information. At the same time, between 1 July and 30 September 2019, the office issued 340 monetary penalties to organisations that had not paid the Data Protection Fee.

The ICO is warning companies to be aware of scams relating to payment of the data protection fee. If you’ve received a letter, text message, email or telephone call from the ICO and want to check that it’s genuine, please search ‘ICO fee’ using your usual search engine. Follow the top results to website links which begin with, and this will bring you to the ICO official website.

Call Now Button