The Information Commissioner’s Office launched a campaign on Tuesday 3 December 2019 to contact organisations who have not yet paid their annual data protection fee.
The data protection fee replaced the requirement to notify the ICO under the previous Data Protection Act 1998 and now, organisations that act as controllers when processing personal information must pay a fee on an annual basis, unless they are exempt. For most practices, this fee will be £40 (reduced by £5 if paid by direct debit), the fee amount that needs to be paid can be checked via the self-assessment tool on the ICO website.
As part of their campaign, the ICO have sent out a template letter in the post to organisations they have identified as not yet having paid their fee, warning them of the consequences of non-payment which includes fines of up to £4000.
Unfortunately, this type of campaign can trigger copycat scams, so if your practice does receive this letter, we recommend that you first check if you have paid and if you haven’t, you can take the self-assessment to check the fee you should be paying and then pay online at the ICO website.
If the letter asks you to pay a defined sum (rather than instructing you to use the ICO’s calculator) or instructs you to pay any other way than via the ICO’s website, the letter is most likely a scam.
Last updated : 16 Dec 2019