The ICO fee


Often, in our capacity as a corporate secretariat, MSP is asked why companies are receiving the data protection fee from the Information Commissioners office (ICO). The purpose of this blog is to give interested parties some background as to what this ICO fee is, how much it may cost and the importance of complying in a timely manner.  


The fee pays for the running of general data protection services provided by the ICO. This is intended to ensure personal data is being processed properly and in accordance with the law. It may be the case you are reading this blog as your organisation has received a letter from the ICO.  This is normal, in the first instance it is simply a reminder of your requirement to pay and informs you of the date by which payment should be made. 

How much is the ICO fee? 

The exact fees are set by Parliament and are what Parliament believes to be appropriate based on the risks posed by the processing of personal data by controllers.  

There are three tiers of fees that range between £40 and £2,900 with the your company’s fee depending on the size of your organisation, your turnover, and the type of organisation. Those tiers are; 

Tier 1 – these are Micro-organisations who either have a maximum turnover of £632,000 per annum or have no more than 10 employees.  

The fee for tier 1 is £40 per year 

Tier 2 – These small and medium sized organisations that have either a maximum turnover of £36 million per year or no more than 250 staff.  

The fee for tier 2 is £60 per year 

Tier 3– Large corporations, which simply exceed the parameters of the 1st and 2nd tiers.  

The fee for tier 3 is £2900 per year 


Who pays the ICO data protection fee? 


Every organisation or sole trader who processes personal information needs to pay a data protection fee to the ICO, unless they are exempt. 

One such exception of the ICO fee is if your company is currently registered under the Data Protections Act of 1998 (DPA 1998), in this case you will not need to pay until this registration expires. Additionally, if the organisation is a public authority, the tier that they pay will be assessed only by the number of staff and not the yearly turnover. Charities and small pension schemes will also only be considered as a maximum of tier 1, regardless of whether they exceed the previously stated limits. No VAT is paid in addition to the fee and a £5 discount is granted if payment is set up in the form of a yearly direct debit. 

If your organisation is a limited company operating from several locations you will only need to pay the fee once, so long as they are all part of the same legal entity. If this is not the case, and each branch is operating independently, you may need to pay for each separate company.   


The importance of the ICO fee 

 The payment of the data protection fee is a legal requirement for all organisation unless you are exempt. If an organisation fails to pay the full fee that they are meant to, they may face significant fines with the maximum being £4,000. In the final half of 2019, 554 of these fines were given out.  For this reason, it is important for companies to comply with the payment instructions without delay.  

If you are still unsure whether your organisation is required to make a pay the fee, the ICO have prepared a short self-assessment tool available on their website to aid in your decision making. Alternatively, they have a dedicated helpline on which to contact them.   


MSP corporate secretariat  

 This question is one example of the legal compliance issues that MSP assists clients with on a daily basis. As the questions become more complex, so too will the legal advice in response. As such, having an approachable, experienced company secretary that you trust is vital for the smooth running of a business. It is one of the many ways MSP can benefit your company.  To find out more about how we can help you, send us an email (below) so we can discuss your needs and tailor a package specifically for you and your company.  

Contact us at