If you’re already registered with the ICO for data protection you may well receive an email when your renewal comes up explaining the information as below. This is what we received.
Changes to the law
The Data Protection (Charges and Information) Regulations 2018 requires every organisation or sole trader who processes personal information to pay a data protection fee to the ICO, unless they are exempt.
Changes to the fee
Under the new regulations, you must still pay an annual fee, depending on your size or turnover, but this will now be £40, £60 or £2900. VAT is nil in all cases.
(They will tell you which of the amounts is most suitable if you are renewing).
Changes to the sanction – Failure to Pay
Failure to pay the data protection fee will be addressed through a fixed penalty.
If you process personal data for any of the non-exempt purposes and you either don’t pay the fee, or you don’t pay the correct fee, you will be breaking the law and could be fined up to £4,350 (on top of the fee you have to pay).
It is important that we receive all payments or cancellation requests on time, as 14 days after expiry, we will send notice of our intention to issue a fixed penalty notice, which you will have the opportunity to respond to.
Changes to the information we collect
Under the new regulations, you no longer have to tell us about the personal data you process. However, if you are required to have a Data Protection Officer (or you otherwise choose to appoint one), you should tell us about this, preferably at the same time as you pay your data protection fee.
To find out if you need to appoint a Data Protection Officer please see our Guide to the GDPR – Data Protection Officers.
For more information about any of the other changes described in this email, please see our Guide to the data protection fee.