Skip to content

« Back to News

GDPR: Letter from the ICO (Information Commissioner's Office)

By DTA | 24th August 2021 | News

Every organisation or sole trader who processes personal information needs to pay a data protection fee to the ICO, unless they are exempt.

The Information Commissioner's Office (ICO) is the independent supervisory authority set up to promote and oversee compliance with data protection legislation in the UK.

Under the 2018 Regulations, organisations that determine the purpose for which personal data is processed (controllers) must pay the ICO a data protection fee unless they are  exempt. These fees fund the ICO's data protection work, which includes their work under the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA). 

The data protection fee replaces the requirement to 'notify' (or register), which is in the Data Protection Act 1998 (the 1998 Act). The ICO have the power to enforce the 2018  Regulations and to serve monetary penalties on those who refuse to pay their data protection fee. 

In November 2019, the ICO launched a campaign to contact all registered companies in the UK reminding them of their legal responsibility to pay a data protection fee. The move marks the start of an extensive programme to make sure the data protection fee is paid by all those who need to pay it. The letter the ICO are sending to organisations is to help them comply with the law by reminding them to check if they need to pay a fee.

You can quickly and easily find out if your organisation needs to pay the fee by using the self-assessment checker.

Further information available:

Download the Data Protection Fee: Guide for Controllers.

For information specifically for human health and social care organisations

The ICO also have a hub specifically designed for small and medium enterprises which has lots of tips and simple guides that you may find useful SME hub.

Is this a scam?

If you have received a letter from the ICO and you are concerned it might be a scam do NOT follow any of the links on the letter or call any of the numbers in the letter.

 In the first instance go to the ICO's website registration self-assessment page which you can find here. Complete the self assessment and pay the fee if you are required to do so.

See also ICO registration FAQS.

Recent Articles