Our Client Relationship Director Nathan explains what on earth the ICO is, what it has to do with data protection, and why they may have contacted you recently regarding fees and registration.
Michael says register today!
Recently, you may have received a letter in the post from a Michael Fitzgerald. Within this letter Michael talks about data protection and asks you to register online.
Register for what I hear you cry?! Or perhaps the letter went straight in the bin?
Joking aside this is an important topic.
Who are the ICO?
The Information Commissioner’s Office (ICO) is the UK’s data protection regulator and any business that processes personal information, must register unless exempt (more on this below). The rock ‘n’ roll lifestyle of data protection regulation isn’t cheap, which means on registering, you’re also required to pay a fee.
What’s the ICO data protection fee?
The ICO data protection fee will be £40 or £60 for the majority of business owners and is based upon which tier your company falls into. The registration fees are a relatively small amount compared to the maximum non-registration fine of £4,000. Additionally, the fee is reduced by £5 if you pay via direct debit – brilliant! You can get yourself a pint when the pubs re-open in June.
How does the fee work?
- Tier 1 – Micro. If you have a maximum turnover of £632,000 for your financial year and/or no more than 10 employees, good news you’re in the £40 bracket.
- Tier 2 – Small and Medium. If you have a maximum turnover of £36 million for your financial year and/or no more than 250 employees, you’ll pay £60.
- Tier 3 – Large. If you’re not in tiers 1 and 2, you will fall into tier 3 and for this tier the fee is far more significant at £2,900.
Do I process personal data?
Not sure if you’re processing personal data? To quote the ICO –
“Personal data only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question; or who can be indirectly identified from that information in combination with other information.”
In other words, if someone can take that data and figure out who it relates to – it’s personal.
Note that if any of your customers or suppliers get really bored, the ICO publishes all of it’s fee-paying companies online. It won’t look great if your company isn’t on there and you hold any of their personal data.
Am I exempt?
Below are the lucky businesses who’re exempt from registering with the ICO.
- Public authorities should categorise themselves according to staff numbers only. They do not need to take turnover into account.
- Charities (that are not otherwise exempt) will only need to pay the tier 1 fee, with turnover not considered.
- Small occupational pension schemes (that are not otherwise exempt) will need to pay the tier 1 fee, regardless of size or turnover.
It is also important to note that you are not required to pay the fee if you are processing personal data for any of the following reasons:
- Staff administration
- Advertising, marketing and public relations
- Accounts and records
- Not-for-profit purposes
- Personal, family or household affairs
- Maintaining a public register
- Judicial functions
- Processing personal information without an automated system such as a computer
How do I pay?
To submit your ICO data protection fee, head to the official ICO website.
If it’s the first time you’re submitting a payment, then you’ll need to complete a form. It should take roughly 10 minutes or around 15 minutes if you don’t have the following to hand before starting – your company registration number (if you have one), the number of employees you have, your contact details, and your bank or card details.
Need more information on what personal data is? Read more here.