Data protection fee needs to be paid

ICO sets out clear message to those who do not pay the data protection fee by enforcing fines.

From 25 May 2018, it is required by the Data Protection (Charges and Information) Regulations 2018, for each organisation who process personal information to pay a data protection fee to the Information Commissioner’s Office.

The ICO stated:

“Last year we began taking action against organisations for non-payment of the data protection fee, sending out a clear message that those who didn’t pay risked a fine.”

“The recent dismissal of the first appeal of a fine for non-payment of the fee by Farrow and Ball sends a further message, loud and clear, that there is no excuse for non-payment.”

Farrow and Ball had been fined £4,000 for failing to pay the fee, and had appealed the fine on the grounds that the person responsible was on holiday. The first-tier tribunal accepted that there had been an oversight by the company, however measures should have put in place to prevent this from happening.

“Data controllers are given adequate opportunity to pay the fee to the ICO before they are issued with a fine. Being on holiday is no excuse.

“However we consider any reasonable representations from organisations in response to our notices of intent to serve a penalty.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.