You’ve received a letter or email stating that you need to pay your annual data protection fee. But what exactly is it?
The Data Protection Act (2018) controls how everyone’s personal information is being used by businesses and the government. It replaces the previous Data Protection Act (1998). Organisations that process personal data are subject to the General Data Protection Regulation (often abbreviated as GDPR) and the Data Protection Act. Under these Acts, there is an annual data protection fee which must be paid (unless the client is exempt*).
As a controller of personal data, it is your duty to ensure that you have appropriate technical and organizational measures in place to implement the principles. So, what are the main principles?
You must ensure that the information is:
- Used fairly, lawfully and transparently
- Kept up to date and adjusted regularly
- Only to be used for specified, explicit purposes
- Not to be kept for longer than necessary
- Handled with care and ensures security against unlawful or unauthorised access, processing, loss, destruction or damage
For companies with an excess of 250 employees, there’s a little extra paperwork. Nothing that you can’t handle! You will need to have documentation as to why people’s information is being collected and processed. This should include descriptions of the information being held (names, phone numbers, dates of birth etc.) and all your security measures to ensure the safety of this data.
What is the next step?
The Information Commissioner’s Office (ICO) is responsible for enforcing GDPR within organisations. They have the power to conduct everything from providing guidance, to fines and even criminal investigations if required. You will need to visit https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/ and answer some simple questions in order to complete a self-assessment, improving your knowledge. You will receive a short report with additional actions and guidance enclosed. If you are not already enrolled, you will need to register in order to pay your fee.
There are three ‘tiers’ when it comes to the fees. Here’s how they are categorized:
Tier One – Micro Organisations
You have a maximum turnover of £632,000 for your financial year or no more than 10 members of staff. The fee for tier 1 is £40 per annum.
Tier Two – Small and medium organisations
You have a maximum turnover of £36 million for your financial year or no more than 250 members of staff. The fee for tier 2 is £60 per annum.
Tier Three – Large organisations
If you do not meet the criteria for tier one or two, you automatically must pay the tier three of £2,900 per annum.
(ICO regards all controllers as eligible to pay the tier three fee unless told otherwise.)
For those of you paying for the first time, here is the link – https://ico.org.uk/for-organisations/data-protection-fee/
The ICO website states that the form will need to be completed in one sitting that shouldn’t take longer than 15 minutes. So please have all the information you will need at hand. You will need your payment details, information about the company you are registering, such as the Companies House number, name, address, numbers of staff and your annual turnover numbers.
We know that keeping on top of a multitude of data can be tricky ant time consuming. Especially when businesses are constantly evolving. But I assure you, that there are benefits! Naturally, ethical and quality information handling, makes good business sense. In turn, you will enhance your businesses reputation, create vocally satisfied customers and employees, increase general confidence in the business, and save time and money, by making sure that information is updated and accurate. All attributes that I’m sure you can agree are priceless.
If you have any questions regarding paying your annual data protection fee, our expert team are more than happy to explain more. Click the green button to book your free consultation with no obligations. Alternatively, call in on 02085300720
*If you only processing personal information for personal, family or household affairs, you are exempt from paying an annual fee. The information must not have any connection to any commercial or personal activity.