Businesses across the UK are being reminded that, if they process personal data, they are subject to a legal requirement to pay the Information Commissioner’s Office (ICO) an annual data protection charge, unless they have a relevant exemption.
Any businesses that fail to pay the correct charge are at risk of a fine of up to £4,350. A list of businesses that have paid the charge is published on the ICO’s register of data controllers.
The amounts that businesses must pay are determined by their size, with micro organisations and sole traders paying £40 a year, SMEs and equivalent organisations paying £60 and large organisations paying £2,900.
Where an organisation pays the charge by direct debit, they will receive a £5 deduction.
There is a tool available on the ICO website here so that organisations can determine whether they are subject to the charge.