ICO Fees: Are You Exempt Or Not?

What is the Information Commissioner's Office?

The ICO is the UK’s independent authority responsible for upholding information rights in the public interest and the data privacy of individuals. Its major aim is to ensure that the rights of individuals over their own data are duly respected and protected. It further ensures that any business involved in processing the data respects the rights of those individuals.

As an independent regulator, it oversees different aspects of data protection, such as providing a forum to register complaints about privacy concerns, facilitating the registration of controllers, providing guidance on data protection and the use of technology, and taking action against those who violate the rights of data subjects or individuals.

What is the requirement of registration?

Registration is mandatory under the regulation for every data controller that processes personal information. The requirement is broad enough to cover most organisations in the UK, as they assume the role of a controller in one form or another at some point in business.

Unless exempt, every organisation has to pay a fee to the ICO to register, and once registered, controllers are required to renew their registration on an annual basis. Failure to renew can attract a fine of up to £4,350.

Who is exempt from registering with the ICO?

The scope of the exemption from registration is limited. There are a variety of processing activities for which you need not pay the data protection fee and register:

  1. When processing is done for staff administration purposes.
  2. The processing is carried out for not-for-profit purposes.
  3. The processing activity is related to personal, family or household affairs.
  4. Processing is done to maintain a public register or to perform a judicial function.
  5. Where the processing is not done using an automated system like a computer.

There are a variety of processing operations apart from these examples, and so long as the processing remains within the limits prescribed by the regulation, there is no need to register. To confirm the exemption, use the ICO’s self-assessment tool.

If you have received a letter from the ICO, what should you do next?

If you have not paid the fees and have received a letter from the ICO, begin by identifying the tier in which your business fits on the three-tier scale explained below:

  1. £40 fee – micro-organisations, with a maximum turnover of £632,000 and no more than 10 members of staff
  2. £60 fee – SMEs, with a maximum turnover of £26 million and no more than 250 members of staff
  3. £2,900 fee – large organisations, with turnover in excess of £36 million and/or more than 250 members of staff

The regulation lays down exceptions for charitable institutions and small occupational pension schemes, which are only liable to pay Tier-1 fees irrespective of their size or turnover.

Once you have determined your tier and the respective fee, you can simply pay the fees here. You can get a £5 discount if you set up a direct debit.

How to pay the ICO fees?

Payment is made online on the ICO’s website. First-time users can complete the payment quickly by keeping the following to hand when filling in the form:

  1. The registration number of the company
  2. The information about the number of employees in your company
  3. Bank or card details
  4. Contact details of the relevant authority in the company.

Once the payment is completed, the ICO lists the details of the company in the data protection public register.

This article does not constitute legal advice in any form and only seeks to break down some of the main points set out by publicly available sources such as the ICO.

December 6, 2021
