Update on UK ICO fees for data controllers

Written on 9 Dec 2019

On 3 December 2019, the Information Commissioner’s Office (ICO) announced a new campaign it has launched to remind registered companies in the UK of their obligations to pay a data protection fee if they process personal data subject to the EU General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018 (DPA).  The new payment requirements were introduced into law in the UK at the same time as GDPR and the DPA, pursuant to the UK’s Data Protection (Charges and Information) Regulations 2018 (the Charges Regulations).

As a result, if your organisation has not paid a data protection fee, you may have received (or might soon receive) a letter from the ICO requesting payment.

Osborne Clarke previously provided a useful summary guide to the ICO's new data protection fee regime, which is a good place to start if you are unsure if your company is liable to pay a data protection fee, or whether it might be exempt from doing so under the exemptions set out in the Charges Regulations.

More detailed information can be found in the ICO's guidance on data protection fees, and you can use the ICO's self-assessment tool to determine if your organisation needs to pay. If you are eligible to pay a fee, the ICO has also developed a fee assessment tool to help you establish how much your organisation is required to pay.

If you are having difficulties establishing whether you are required to pay the ICO a data protection fee in respect of your organisation's activities, please contact one of the authors or your usual Osborne Clarke contact.