Guide to GDPR (General Data Protection Regulation)

The GDPR came into force on 25th May 2018. The data protection legislation sets out the requirements businesses must meet in order to protect the personal data and privacy of those whose data they hold in their records.

The Information Commissioner’s Office (ICO) has produced this guide to compliance. It includes a 12 step guide and a self-assessment toolkit.

ICO Data Protection Fee

The Information Commissioner’s Office (ICO) is the UK regulator for data protection. By law, under the Data Protection (Charges and Information) Regulations 2018, organisations that handle personal information electronically, such as people’s names and addresses, must register with the ICO and pay the annual data protection fee, unless they qualify for an exemption.

Who Needs to Pay the Fee?

The obligation to pay the fee is determined by how your organisation uses personal information for work purposes. For example, if you store personal information on a computer or phone, you must check whether you need to pay the data protection fee. If you use CCTV or dashcams, you are likely to need to pay.

Fee Amount and Applicability

The fee amount is based on your organisation’s nature, size, and turnover. For those with 10 or fewer employees, the fee is currently £40 per year. The data protection fee applies to all organisations, from sole traders and independent practitioners to small businesses and charities, all the way up to global multinationals.

Purpose of the Data Protection Fee

The data protection fee funds the ICO’s work, which includes giving organisations practical tools that empower them to use people’s information responsibly and transparently. In turn, this enables the public to exercise their information rights.

Consequences of Non-Payment

It’s important to pay the data protection fee, unless you’re exempt, to avoid a fine of up to £4,000.

How to Determine if You Need to Pay

You can use the ICO’s online self-assessment, which will guide you through some questions about how your organisation uses data, to determine whether you need to pay. Follow these simple steps:

1. Use the following link to check if you need to pay, or if you are exempt: ico.org.uk/fee-checker.

2. Follow the instructions to register and pay the fee if you need to.

Additional Resources

For more information about the fee, you can read the ICO’s frequently asked questions on their website: ico.org.uk/dpfee-faq.

Alternatively, you can speak to the ICO fees team via live chat on their website, or call their fees helpline on 0303 123 1113.

The ICO has a range of handy guides, tools, and checklists to help organisations use people’s information confidently and comply with data protection law. You can access these on the ICO’s web hub for small organisations: ico.org.uk/sme.