With the tumultuous unfolding of Brexit still dominating, it may have slipped off your radar that the Data Protection (Charges and Information) Regulations 2018 came into force on 25 May 2018 and introduced a data protection charge payable to the ICO by the processors of personal data.
The charge varies between £40 to £2,900 per year depending on the size of your business and your turnover. Most of our members will fall the two lower brackets: £40 of £60. The ICO online tool to work out the size of the fee can be found here:
If the charge is not paid, this may lead to a fine. The current ICO policy is to issue a reminder first. If the charge remains outstanding, a notice of intent will follow allowing 21 days to pay or to make representations. If the charge still remains unpaid, a fine may follow of up to £4,350.
Of course, there are exemptions. If data processing is solely for these purposes, the data processor is exempt:
- Staff administration;
- Advertising, marketing and public relations;
- Accounts and records;
- Not-for-profit purposes;
- Personal, family or household affairs;
- Maintaining a public register;
- Judicial functions;
- Processing personal information without an automated system such as a computer.
The core business activities are exempt, you will say. That is true but if you have CCTV installed, according to the ICO, you will still have to pay the charge in any case. Its current position is that any non-domestic CCTV used for crime prevention purposes, which is the intended purpose in most cases, is not exempt and the data processor will have to pay the charge. The ICO’s self-assessment tool to check if your business is exempt is here: