ICO Register & Payment Tiers
The Data Protection Act 2018 requires every organisation or sole trader that processes personal information to register and pay a data protection fee to the Information Commissioner's Office (ICO), unless they are exempt.
What is the ICO Data Protection Register?
The register is a public database maintained by the ICO listing all registered organisations. Being on the register shows that your organisation is committed to data protection compliance and has paid the statutory fee.
The Three Payment Tiers
The fee amount you are required to pay depends on your organisation's size, turnover, and whether you are a public authority. The fees are divided into three tiers:
Tier 1: Micro / Small Organisations
Fee: £40 per year (£35 if paid by Direct Debit)
Applies if you have:
- Maximum of 10 employees (staff count), OR
- Maximum annual turnover of £632,000.
Tier 2: Medium Organisations
Fee: £60 per year (£55 if paid by Direct Debit)
Applies if you do not qualify for Tier 1 and have:
- Maximum of 250 employees (staff count), OR
- Maximum annual turnover of £36 million.
Tier 3: Large Organisations
Fee: £2,900 per year (£2,895 if paid by Direct Debit)
Applies if you have:
- More than 250 employees (staff count), AND
- Annual turnover of more than £36 million.
Are there any exemptions?
Some organisations are exempt from paying the fee, including organisations that only process personal data for:
- Staff administration (payroll, pensions).
- Advertising, marketing, and public relations for their own business.
- Accounts and records (invoicing).
- Some non-profit/charitable organisations.
Check your obligations
To determine if you are exempt or to assess which tier applies to your organisation, use the official ICO self-assessment fee checker: