All organisations that process personal data are required to register with, and pay an annual data protection charge to the Information Commissioner’s Office (ICO) unless a relevant exemption applies. “Processing personal data” includes simply collecting and storing details of members, teachers, coaches and participants so this does affect a large majority of us, including the smallest organisations.
It is a legal requirement to pay the charge, and failure to do so could result in a fine, but it does also make good business sense as it could have an impact on your organisation’s reputation. Once you have paid, your organisation’s details are published on the Information Commissioner’s register of data controllers.
If you are already registered with ICO, you should receive an e-mail reminder around 6 weeks before your payment is due – but it’s worth checking your entry online and making a note of the renewal date. You can check your entry here
There are three levels of charge payable:
- Micro organisations (including sole traders) pay £40; If you have charitable status, you will always fall within tier 1 regardless of size.
- Small and medium organisations pay £60; and
- Large organisations pay £2,900. Payments made by direct debit will automatically receive an annual £5 deduction.
The ICO have provided a very helpful, easy-to-use online tool to help you determine if payment is necessary: you can find the self-assessment tool on the ICO website.
It is also important to make sure you are paying the correct level of charge – the charge-assessment tool will indicate the level you are required to pay.
If you are a data controller and do not pay the charge, or you pay the incorrect charge when required to do so, then you risk enforcement action by the ICO. The maximum fine is £4,350. Don’t get caught out!