Firms set for 37% increase in annual ICO fees


Ministers reveal proposals for updated funding model for the UK’s data protection regulator, with businesses to be asked to pay as much as £1,000 extra per year for registration services

The government has proposed an updated regime of annual fees payable by organisations processing sensitive personal data, with current prices set to be hiked by 37%.

To support the operations of the Information Commissioner’s Office, data processors are required to register with the data-protection regulator and pay an annual levy based on their size.

The smallest firms, including those with a maximum of 10 employees or revenue of no more than £632,000, are currently obligated to pay £40 each year. This rises to £60 for organisations with up to 250 staff or turnover of less than £36m.

Those in the top tier, comprised of all data-processing businesses which exceed these criteria, must pay the ICO £2,900 each year under the current set-up.

For all three levels, the government is proposing a rise of between 37% and 37.5% to these fees – to be implemented from next year onwards.


Related content


This equates to yearly payments of £55 for micro-organisations  and £82 for bigger SMEs. The government claims that 99% of all fee-paying data-processors are contained within these two brackets.

The remaining 1% that constitute the top tier will see their annual charges increase to £3,979.

Before going ahead with these changes, the government is conducting a public consultation process, with stakeholders inviting to respond until 26 September.

In a ministerial foreword launching the feedback process, secretary of state for science, innovation and technology Peter Kyle said that “these fees have not risen in line with inflation since their introduction in 2018, meaning the ICO today is delivering the same level of statutory responsibilities with significantly less real-term income”.

He added: “They also do not take into account the ongoing investment the ICO has needed to make in its capabilities over the last six years – and which it will need to continue making – to ensure it can regulate effectively in the rapidly evolving era of digital technologies and AI. An uplift in fees is overdue.”

Kyle said that supporting the work of the watchdog is particularly important in the context of the new government’s five core missions, for which “there is one [factor] that will underpin them all: data”.

“How we harness data, the opportunities it creates, and the innovations it makes possible will be critical to realising our goals across the missions – whether that is driving productivity across the economy, transforming public services like the NHS or schools, or identifying how to improve opportunities and outcomes for our children,” the cabinet minister added. “Much of the data we need to use to achieve these outcomes will be personal data. That is why it is essential that we have a regulatory environment that enables data to be used safely and confidently, underpinned by the highest standards of data protection. And it is why the work of the UK’s independent data protection regulator, the ICO, is so important.”

Data released several months ago by ministers in the previous administration showed that, since the introduction of the GDPR regime, the number of data-processing organisations registered with the ICO has risen by 160% – from fewer than 500,000 to almost 1.2million.

Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *