Manufacturers among first to be fined for failure to pay data protection fee and register details with ICO | EEF

Manufacturers among first to be fined for failure to pay data protection fee and register details with ICO

Subscribe to Business Support news feeds


The Information Commissioner’s Office (ICO) has just issued the first fines for failure to pay a data protection fee and provide details for inclusion in the ICO’s register of fee paying data controllers under new rules which came into force in May 2018. The ICO has made clear that organisations in the Manufacturing sector are firmly on its radar and are among the first to be pursued for non-payment.

New data protection fees

Every organisation that processes personal information is required to pay a fee to the ICO (subject to limited exemptions) and provide certain information, some of which will be published on a publicly accessible data protection register. This includes:  

  • the name and address of the controller
  • the data protection registration number;
  • the level of fee paid (i.e. Tier 1,2 or 3 – see table below for further details);
  • the date the fee was paid and when it is due to expire;
  • any other trading names of the organisation;
  • the contact details for the Data Protection Officer, if there is one; and
  • the name of the Data Protection Officer, if there is one and provided that they have consented to giving their name.

Regulations which came into force alongside the new UK Data Protection Act 2018 (DPA 2018) on 25 May 2018 introduced the new data protection fee regime to replace the former data protection registration system under the Data Protection Act 1998 (DPA 1998).

Under the new system, the annual data protection fee level (and applicable fines for not paying the fee) will depend on the size and turnover of the organisation.





1 (Micro)

Maximum turnover of £632,000 or no more than ten members of staff



2 (SME)

Maximum turnover of £36 million or no more than 250 members of staff



3 (Large)

Those not meeting the criteria of Tiers 1 or 2.



Aggravating factors can also lead to an increase in a fine for non-payment of the data protection fee up to a maximum of £4,350.

There is a £5 discount for payments by direct debit, so for very small organisations the fee won’t be any higher than the £35 they paid for data protection registration under the old DPA 1998 scheme. By contrast, the Tier 3 fee is substantially more than the highest fee under the DPA 1998 registration scheme (£500).

Organisations that have a current data protection registration under the DPA 1998 regime do not have to pay the new fee until that registration expires.

However, the ICO has recently issued a press release which stated that manufacturers were among the first organisations to be fined for not paying the new data protection fee. According to the ICO, fines were imposed where they were left with “no option” following numerous attempts to collect the fees via a “robust collection process”.

What action should you take?

We recommend that manufacturers who have not already done so check that their current registration is up-to-date and ensure that they pay the fee required under the new rules as soon as that registration expires. You can check your renewal date by searching the ICO register.

How EEF can help

Our hugely popular GDPR seminar series continues throughout January 2019. The latest instalment, Practical GDPR for HR professionals: what will change in your day job?, explains how the GDPR and DPA 2018 will affect everyday HR activities and provides detailed guidance on responding to Subject Access Requests and reporting personal data protection breaches.

HR Handbook review

Start 2019 with up to the minute policies and procedures - ask your EEF advisor about our HR handbook review and re-new service. We’ll future proof your employment handbook to take into account the latest developments (including GDPR).

For more information, speak to your EEF adviser, email or call 0808 168 5874.


HR & Legal Advisor

Other articles from this author >
training spotlight image 2 Discover our HR & employment law training

We help ensure you're compliant and effective.

Read more >
GDPR-290x217 Practical GDPR for HR professionals: what will change in your day job?

This practical seminar looks at the impact of the new data protection law on typical situations faced by HR during the employment lifecycle, from recruitment to termination.

Learn more >
Team image - business support Meet our business support team

Our business support teams offer you advice, consultancy and training. Take a look at some of experts.

Read more >
Online payments are not supported by your browser. Please choose an alternative browser or make payments through the 'Other payment options' on step 3.