What is the data protection fee for? Why do you need to pay the ICO fee and where does the fee go? We help you understand the ICO data protection fee and why it’s required.
Although it might be hard to believe, the data protection fee is actually a good thing! Hopefully be the end of this article we’ll have you convinced...
Why does the ICO charge a fee?
The data processing fees are the ICO’s income. Many people think that data breach fines help to swell the ICO’s coffers but that’s not true: all fines and penalties charges go straight to HM Treasury.
In the 2017/18 financial year, the ICO’s fee income was £21.3 million. The following year, that had increased to £39.3 million. The figures for the latest year aren’t available yet, but it’s likely there will be another significant increase in the ICO’s income from fees.
What does the ICO spend the data protection fee on?
The ICO regulates more than just the General Data Protection Regulation (GDPR), it covers several aspects of data, information and privacy protection: GDPR, PECR (Privacy & Electronic Communications Regulations) and Freedom of Information. The funds it gathers through fees help to fund all their work.
This benefits all of us: because the ICO helps to ensure that all companies, charities and government organisations handle information in a responsible and professional manner.
In recent years, the ICO has investigated some pretty serious issues, for example the Cambridge Analytica scandal, where a company took people’s information from Facebook without authorisation, to do in-depth profiling of voters. While the ICO secured a £500,000 fine from Facebook, the money went to HM Treasury and the ICO had to fund its own legal costs in the case.
The ICO also funds grants to develop new ways of helping businesses protect data, including a “regulatory sandbox” where it works out how to responsibly regulate new technologies, like machine learning and Artificial Intelligence (AI).
Whose side is the ICO on?
Yours and mine (as individuals)! The ICO enforces our rights to have our data managed properly and helps to ensure that our rights are protected.
Of course, as a business owner it can feel like the ICO is the ‘data police’. But remember: it’s simply a case of the ICO making sure that your business discharges its responsibilities properly to protect individuals’ data rights.
Is the ICO data protection fee going to increase?
It’s too early to say right now, but it’s likely the fees will stay in place at a similar level in the future. If half the small businesses in the UK paid a data protection fee, the ICO’s income could be well over double what it is now - enough to fund some strong enforcement and provide new support to businesses too.
The ICO can do much more with proper funding, including helping businesses get data protection right more consistently and helping to level the playing field for all businesses.
Did you receive a letter from the ICO?
You might have received a letter from the ICO recently asking you to pay your data processor fee. If you’ve never heard of the ICO before, or know what the fee is about this might come as a bit of a shock - especially when the letter mentions the risk of penalty charges for not paying the fee!
Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance you need to become and remain compliant with data protection legislation. Find out more about our services.
Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.
Protect your business - become and remain GDPR compliant with Astrid
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.