Under the Data Protection, Act 2018 any business, organisation or sole trader that processes personal data needs to register with the Information Commissioner’s Office and pay a data protection fee unless they are exempt.
The ICO recently ramped up their campaign to contact all registered organisations in the UK to remind them of this obligation.
“Personal data” is any data that relates to a living person who can be identified from that data.
Paying the data protection fee is a legal requirement and failure to do so can lead to fines of up to £4000; registration needs to be renewed annually: the cost of registration varies according to the size of the organisation.
To apply for registration with the Information Commissioner takes about 15 minutes. You will need to be able to provide details about your organisation, your Companies House number if you have one and a general description of the personal information your data controller is processing.
Once you have registered the ICO will list you as a fee payer on their website, showing you are aware of your data protection obligations. Some organisations who are exempt still choose to pay the registration fee so they can be placed on the ICO’s list.
If you have received a letter from the ICO about your unpaid data protection fee, and you know your organisation is exempt from paying, you must inform the ICO so they can register your exemption claim and stop writing to you. You can register your exemption here.
A self-assessment checker can be found on the ICO’S website to help businesses decide if they are exempt from registration.
You can also find a number of resources for businesses to help you stay GDPR compliant.
Disclaimer: The information in this article is provided for general information only and does not constitute legal or professional advice. We cannot accept responsibility or liability for any actions you may take, or not take, based on this information.