The Information Commissioners Office (ICO) is currently writing to businesses that are not registered with them to let businesses know that they may need to pay a registration fee – what is this fee and do you need to pay it, even if your business is dormant?

Why register with the ICO?

The Data Protection (Charges and Information) Regulations 2018 require every business (subject to any applicable exemption) that processes personal data to register and pay a fee to the ICO.

In theory, it is easy to self-assess whether registration is required, using the ICO’s online self-assessment tool. The fee currently ranges from £40 to £2,900 depending on the size and turnover of the relevant organisation – the ICO’s online fee assessment tool, advertised as only taking five minutes to complete, will help you to determine which fee tier is applicable to your organisation when you register with the ICO.

Do all organisations need to register with the ICO?

The ICO register currently contains approximately 600,000 businesses. In stark contrast, the register at Companies House lists around 4 million businesses incorporated in the UK at the time of writing. Clearly, not all of these businesses are registered with the ICO – but do they need to be?

Whilst it seems unlikely that they do all need to be registered, the ICO has started writing to businesses, including dormant companies, to advise them that they are not registered with the ICO as a data processor and that a fee is payable. While some businesses will just pay the fee for ease of mind, should they have to?

Many of the 4 million companies on the register have incorporated purely for tax purposes or to secure a priority on a company name (another issue for another day). This means that, in practice, the business may never have traded and may only process the personal data of a single named individual (for example, a sole director). When completing the ICO’s self-assessment tool, such businesses are advised to register and pay a fee.

So what should I do?

With potential ‘failure to pay’ fines of up to £4000, it is in every organisation’s interest to undertake a self-assessment and to seek advice from the ICO in the event that they are unsure whether they need to be on the register.

If you require legal advice or have questions relating to your obligations under data protection legislation, please contact our specialist data protection team who will be happy to discuss your organisation’s needs.