Data protection fee regime: government response
Updated 16 January 2025
© Crown copyright 2025
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/consultations/data-protection-fee-regime-proposed-changes/outcome/data-protection-fee-regime-government-response
Executive summary
The government undertook a consultation on proposed changes to the data protection fee regime, which is set out in the Data Protection (Charges and Information) Regulations 2018, in accordance with Sections 138(1) and 182(2) of the Data Protection Act 2018.
The consultation ran between 29 August and 3 October 2024 and sought views on proposals to increase, for the first time since 2018, the fees payable by data controllers to the Information Commissioner’s Office (ICO) by 37.2%, to take account of inflationary increases and in order to provide the ICO with necessary funding to discharge their legal responsibilities. The consultation also invited views on whether other aspects of the regime, namely the criteria for determining fees payable, the discount for Direct Debit payment and the current exemptions from the requirement to pay a fee, remained appropriate.
This document sets out the government’s response to the consultation and outlines next steps. We received a total of 103 responses, including the ICO’s own response. There was some recognition that the ICO should be sufficiently resourced to deliver their responsibilities and to provide the regulatory support that organisations need. There was also some acknowledgement that the fees had not been increased since 2018.
Some respondents noted the need for more clarity on how the increased fees will deliver value for money for fee paying organisations, and how resources will be allocated to improve the level of service provided by the ICO and reduce the cost of complying with data protection regulation. There was also concern from some about increasing fees in the current economic climate, particularly for micro and small businesses and public sector bodies. We have shared feedback with the ICO on areas where respondents felt their service could improve.
The government has considered the feedback received alongside the need to provide the ICO with financial stability to support organisations to comply with their data protection obligations and seize the opportunities provided by the safe and responsible use of data. In this government response, we have tried to address the variety of concerns raised by respondents, as well as set out our policy intention and next steps.
After detailed analysis, the government has decided to:
- introduce legislation to increase the data protection fees across all tiers by 29.8%, as set out below in the table;
- retain the existing three-tier structure, including the applicable criteria for determining fees payable;
- retain the £5 discount applicable to Direct Debit payments across all tiers; and
- retain the current exemptions from the requirement to pay a fee.
Table 1: Data protection fee increases
| tier | current fees | new fees |
|---|---|---|
| 1 | £40 | £52 |
| 2 | £60 | £78 |
| 3 | £2,900 | £3,763 |
Introduction
The ICO has an important, complex and wide-ranging mandate. In addition to being responsible for the regulation of personal data protection, it is empowered to take regulatory action under other legislation, including the Freedom of Information Act 2000 and the Network and Information System Regulations 2018. The Department for Science, Innovation and Technology (DSIT) is the sponsoring government department for the ICO.
The ICO’s statutory responsibilities in relation to data protection legislation and privacy and electronic communications are funded through the data protection fees charged to data controllers as set out in the Data Protection (Charges and Information) Regulations 2018 (‘the Charges Regulations’). The ICO’s other regulatory responsibilities outside of data protection are funded by grant-in-aid from the government.
There are currently three tiers of fees payable annually by data controllers, based on the size and turnover of organisations. A £5 discount applies to payments made by Direct Debit across all tiers
- tier 1 (micro organisations - maximum turnover of £632,000 or no more than 10 members of staff): £40
- tier 2 (small and medium organisations - maximum turnover of £36 million or no more than 250 members of staff): £60
- tier 3 (large organisations which do not meet criteria for tier 1 or 2): £2900
As the fees are set in statute, making any changes will require legislation. In amending the fees, the Secretary of State for Science, Innovation and Technology has a statutory duty to have regard to the desirability that fees payable to the ICO are sufficient to offset the costs incurred by the regulator in discharging its functions.
The current fee regime, including the level of charges payable by data controllers, has remained unchanged since its introduction in 2018. A review of the fee regime conducted during 2023/24 found that the current fees were no longer adequate to offset the costs incurred by the ICO to deliver its statutory responsibilities and the ongoing investment needed to maintain the ICO as an effective, forward-looking regulator.
As the fees have not increased since 2018, their real term value has reduced substantially due to inflationary pressures, while the ICO’s costs have increased year on year. Furthermore, the ICO must continue to invest in organisational transformation and upskilling so that it can keep pace with emerging regulatory issues, maintain a robust and supportive regulatory environment for organisations and help individuals assert their data rights.
Having carefully considered the consultation responses, the government intends to increase fees by 29.8%.
The fee increases are designed to achieve cost recovery, in line with HM Treasury’s principles for Managing Public Money. The government considers these are necessary and justified increases to ensure the ICO’s longer-term financial sustainability and enable it to operate effectively and provide the best service and support to data controllers, as well as empower individuals to assert their data rights.
Data controllers rightly expect and deserve a high-quality service from ICO. Ensuring that the ICO is sufficiently resourced and able to operate sustainably will help the regulator continue to develop and improve their services. This includes further investment in areas highlighted by some respondents to the consultation, such as innovation services and regulatory sandboxes, bespoke tools and support to SMEs, as well as other initiatives aimed at reducing compliance costs to ensure value for money for all fee payers.
Adequate and sustainable funding will also ensure that the ICO is appropriately resourced to effectively and robustly monitor the application of data protection legislation, take decisive action to protect the public and help individuals understand and assert their data rights and hold organisations to account.
The fee increase takes account of historic Retail Price Index (RPI) inflation but is below the compounded RPI rate of 38.5% covering inflationary increases from Q2 2018 up to Q3 2024.
The increase is below the 37.2% uplift the government consulted on, in recognition of the pressures faced by data controllers reflected in the feedback to the consultation. The ICO is committed to ensuring that all those who are required to pay the fee do so, as well as operating efficiently and continuously improving productivity to deliver value for money for the fee payers. The reduction in the uplift required reflects the ICO’s ongoing and concerted efforts to this end. This will help ensure that the costs are shared fairly amongst regulated organisations, whilst minimising burdens on current fee payers.
Contact details
Enquiries to:
ICO Sponsorship and Regulatory Policy Team
Department for Science, Innovation and Technology
1st floor
22 Whitehall
London
SW1A 2EF
Email: dpfr.consultation@dsit.gov.uk
Consultation reference: data protection fees consultation.
Summary of the consultation responses
The Data protection fee regime: proposed changes consultation was launched on 29 August 2024 and closed on 3 October 2024. The consultation sought views on proposals to increase the data protection fees by 37.2%. The consultation also invited views on whether other elements of the regime, namely the criteria for determining fees payable, the discount for Direct Debit payment and the current exemptions from the requirement to pay a fee, remained appropriate.
Respondents were encouraged to provide their response using Qualtrics, the online survey platform used to conduct the survey, although responses submitted via other means were also accepted. Consultations do not give an accurate (‘representative’) view of the spread of views of the population or businesses. For a survey to be ‘representative’, respondents need to be randomly selected from the entire group of interest for the study (‘the population’). As we are unable to determine if respondents to the consultation are randomly distributed, we cannot ensure the responses are generalisable. For that reason, the analysis will only refer to response summaries.
We received a total of 103 complete responses. 93 of these were submitted via Qualtrics, and 10 responses were received via email, including the ICO’s own response.
The consultation included questions capturing sentiment on a scale (such as, from strongly agree to strongly disagree). The tables below provide a breakdown of the answers to these questions, as well as a summary of whether the respondents were responding as an organisation or as an individual. These summaries cover the 93 responses submitted via the online questionnaire. The 10 submissions received over email were not completed in the same way and aren’t directly comparable, so have been excluded from these quantitative summaries.
The views from all 103 responses, including email submissions as well as online questionnaires, are included in the summaries of qualitative findings.
Table 1: Number of responses: individual or organisation
| Number of responses | Percentage of total (%) | |
|---|---|---|
| Individual | 35 | 38% |
| Organisation | 58 | 62% |
| Total | 93 | 100% |
Table 2: Number of responses per sector
| Number of responses | Percentage of total (%) | |
|---|---|---|
| Private sector | 42 | 45% |
| Public sector | 34 | 37% |
| Civil society and voluntary, community and social enterprise sector | 7 | 8% |
| Other | 10 | 11% |
| Total | 93 | 100% |
In total, 57 of the 58 respondents that represented an organisation indicated they were data controllers, and 21 out of 35 of those who responded in an individual capacity said they were data controllers.
Detail of the feedback received
1. Views on proposed increases to Tier 1 fees
The consultation sought views on the proposed £15 increase to the fees for data controllers in Tier 1, from the current £40 to £55 annually. Respondents were asked if they considered the increase:
a. Very appropriate
b. Fairly appropriate
c. Neither appropriate nor inappropriate
d. Fairly inappropriate
e. Very inappropriate
f. Don’t know/no opinion
Table 3: views on proposed increases to Tier 1 fees
| Total (n=93) | |
|---|---|
| Very appropriate | 16% |
| Fairly appropriate | 27% |
| Neither appropriate nor inappropriate | 4% |
| Fairly inappropriate | 13% |
| Very inappropriate | 31% |
| Don’t know/no opinion | 9% |
Those supporting the proposal acknowledged that it was necessary for the ICO to be well resourced to deliver its responsibilities effectively. Some respondents noted that, in absolute terms, the proposed increase was modest and not overly burdensome considering that the fees had not increased since 2018, and that it reflected the rising costs on the ICO. A number of respondents felt that the level of guidance and advice provided by the ICO was worth the extra cost, with some noting that a better funded ICO could help organisations reduce their compliance costs. Some respondents felt that the fee uplifts should come with greater transparency from the ICO on how the increased resources would be allocated and used to reduce compliance burdens and costs as well as to support innovation.
The main themes from those who did not support the proposal were concerns about the impact of increased costs in the current economic climate, which some organisations considered detrimental to their ability to grow, noting that compliance with data protection regulation was already putting a strain on resources and reducing profitability. A number of respondents disagreed with the extent of the increase with some calling for a lower increase, whilst others felt that organisations in this tier should be exempt from the requirement to pay a fee. An additional concern was the nature and extent of data processing, with some respondents highlighting the low volume of data that some Tier 1 organisations processed, which they felt didn’t justify the payment of a fee. Another theme was that current service standards from the ICO were not sufficiently high or consistent enough to justify the fee increase, and some respondents were not aware of how the ICO might be able to help.
Government response
Having carefully considered the consultation feedback, the government intends to proceed with increasing the fees for Tier 1, but at a lower rate of 29.8%. This is below the 37.2% increase consulted on and below historic RPI increases since 2018. This means that the fee payable will go up from £40 to £52 per year; an increase of £12.
The government acknowledges the pressures felt by small organisations and notes concerns reflected in the feedback to the consultation on the impact of increased costs on fee payers in this group. At the same time, the government wants to ensure that the fees are proportionate and that regulatory costs are spread across data controllers, minimising costs on the smallest organisations as far as possible. Approximately 90% or 1.1 million of the current fee payers are in Tier 1 and the fees payable by these organisations have not increased in line with inflation in 24 years. An organisation that pays by Direct Debit currently only pays a charge of £35 which is the same level of fee that was in place from 2000 and until 2018, when the current fees were introduced.
The government is committed to enabling the ICO to deliver quality services and targeted support, to help the smallest data controllers navigate their data protection obligations and enable responsible innovation. Providing the ICO with adequate resources and enabling it to operate on a sustainable basis, will ensure that the regulator is equipped to provide regulatory certainty, reduce the cost and complexity of compliance and support organisations to maximise their responsible use of data.
The ICO has a number of resources targeted at small organisations, including a small organisations hub which offers tailored guidance and toolkits, and is planning to expand on this work by developing new tools and services and improving their outreach to small organisations to raise awareness of the support available to them and ensure value for money.
2. Views on proposed increases to Tier 2 fees
The consultation sought views on the proposed £22 increase to the fees for data controllers in Tier 2, from £60 to £82 annually. Respondents were asked if they considered the increase:
a. Very appropriate
b. Fairly appropriate
c. Neither appropriate nor inappropriate
d. Fairly inappropriate
e. Very inappropriate
f. Don’t know/no opinion
Table 4: views on proposed increases to Tier 2 fees
| Total (n=93) | |
|---|---|
| Very appropriate | 16% |
| Fairly appropriate | 30% |
| Neither appropriate nor inappropriate | 6% |
| Fairly inappropriate | 16% |
| Very inappropriate | 19% |
| Don’t know/no opinion | 13% |
The main themes mentioned by those supporting the proposed increase were an acknowledgement that the uplift reflected rising costs to the ICO and that it was proportionate to the size of organisations in this category, with some noting it was affordable, not overly burdensome and represented good value for money.
Those who did not support the proposal did not consider the increase to be appropriate in the context of the current economic climate. A number of respondents felt that Tier 2 was too broad and therefore the increase was negatively affecting those at the bottom of the tier. Some respondents thought those at the middle and top of this tier could and should pay a higher fee than what was proposed, in a way that was more proportionate to their turnover. Some respondents commented that they did not feel they understood how the fee revenue was going to be used, although others noted the work undertaken by the ICO to help small businesses better understand and comply with data protection rules, citing the ICO’s small organisations hub as an example.
Government response
Having carefully considered the consultation feedback, the government intends to proceed with increasing the fees for Tier 2, but at a lower rate of 29.8%. This is below the 37.2% increase consulted on and below historic RPI increases since 2018. This means that the fee payable will go up from £60 to £78 per year, an increase of £18.
Some respondents who were supportive of this proposal recognised the importance of ensuring the regulator is sufficiently resourced to provide the required level of service. Some respondents, including those who did not agree with the proposal, noted the work undertaken by the ICO to provide support and advice to small businesses.
Whilst concern about the fee increases is understandable, the government is of the view that they are proportionate to the size and turnover of organisations in this tier. The uplifts are necessary to ensure that the ICO is financially sustainable in the longer term and equipped to continue and expand its service offering to SMEs. This will ensure increased regulatory certainty and reduce compliance costs, representing good value for money.
3. Views on proposed increases to Tier 3 fees
The consultation sought views on the £1079 increase to the fees for data
controllers in Tier 3, from £2900 to £3979 annually. Respondents were asked if they considered the increase:
a. Very appropriate
b. Fairly appropriate
c. Neither appropriate nor inappropriate
d. Fairly inappropriate
e. Very inappropriate
f. Don’t know/no opinion
Table 5: views on proposed increases to Tier 3 fees
| Total (n=93) | |
|---|---|
| Very appropriate | 9% |
| Fairly appropriate | 11% |
| Neither appropriate nor inappropriate | 14% |
| Fairly inappropriate | 23% |
| Very inappropriate | 38% |
| Don’t know/no opinion | 6% |
Figures may not add up to 100% due to rounding.
Respondents who felt that the proposed increase was appropriate commented on the need for the ICO to be appropriately funded. Some respondents felt that the increase was affordable and proportionate to the size of the organisations and reflected the higher volume and level of risk of data processing likely undertaken by those in this tier. It was felt by some that it was fair for larger organisations to contribute more to cover the increased regulatory costs, with a number of respondents commenting that organisations at the top of this tier should be paying a much higher fee than that which was proposed.
There were a number of respondents who felt the proposed increase was not appropriate. A theme from these respondents was that this tier captured a large number of public sector bodies with already stretched budgets. It was felt that the proposed uplift was going to put a strain on the resources of these bodies which could negatively impact their service delivery. Some respondents suggested a separate, lower level of charge for public sector bodies. Several respondents commented that it was not right for public sector bodies and organisations at the bottom of this tier to pay the same level of fee as the largest organisations and it was felt that those at the top of this tier should be paying considerably more to ease the cost burden on others.
Government response
Having carefully considered the consultation feedback, the government intends to proceed with increasing the fees for Tier 3, but at a lower rate of 29.8%. This is below the 37.2% increase consulted on and below historic RPI increases since 2018. This means that the fee payable will go up from £2900 to £3763 per year, an increase of £863.
The government wants to ensure that the fees are proportionate and that regulatory costs are spread across data controllers. Given this tier captures organisations with more than 250 staff and more than £36 million annual turnover, we consider the fee increases to be reasonable and justified to secure the ICO’s longer term financial stability. This acknowledges the fact that large organisations are generally more likely to handle larger volumes of personal data and undertake higher risk processing and are therefore expected to put a higher strain on the ICO’s resources than smaller organisations. We believe it is appropriate that the level of fee reflects that.
We recognise that concerns were raised in relation to the impact of these fee increases on public bodies that do not make a profit. While we acknowledge the challenges faced by public bodies, it must be noted that public sector organisations draw quite significantly on the ICO’s resources. This includes the work and time spent by the ICO to respond to requests for advice from public bodies, provide one-to-one support and address complaints received about public bodies. In 2024, over 41% of the requests for advice received by the ICO were from public bodies. In light of this, we consider that a bespoke approach for public bodies would create inequity in the fee model.
4. Views on the current fee structure and the criteria for determining the fees
The consultation sought views on how easy the current structure is to understand and navigate. Respondents were asked if they considered the current structure to be:
a. Very easy to understand
b. Fairly easy to understand
c. Neither easy nor difficult to understand
d. Fairly difficult to understand
e. Very difficult to understand
f. Don’t know/no opinion
Table 6: views on the current fee structure and the criteria for determining the fees
| Total (n=93) | |
|---|---|
| Very easy | 46% |
| Fairly easy | 31% |
| Neither easy nor difficult | 13% |
| Fairly difficult | 5% |
| Very difficult | 1% |
| Don’t know/no opinion | 3% |
Figures may not add up to 100% due to rounding.
A number of respondents felt that the current structure was clear and straightforward to navigate. It was noted that the size-based metrics were in line with the criteria used by other entities to set fees and charges. It was also noted that the self-assessment process to identify the level of fee payable was transparent and accessible, with a few commenting that the information and assessment form on the ICO’s website was quick and simple to complete. A number of respondents noted the fact that charities are subject to tier 1 fees regardless of size and felt this needed to be better communicated as some organisations were unaware this was the case.
Some respondents felt that the structure was difficult to understand. The reasons cited included that the tiers were very broad, covering a range of organisations of different sizes which did not justify all organisations in one tier paying the same level of fee.
The consultation also sought views on the current criteria for determining the level of fee payable (based on the number of staff and annual turnover where applicable). Respondents were asked if they considered the current criteria to be:
a. Very appropriate
b. Fairly appropriate
c. Neither appropriate nor inappropriate
d. Fairly inappropriate
e. Very inappropriate
f. Don’t know/no opinion
Table 7: views on the current criteria for determining the level of fee payable
| Total (n=93) | |
|---|---|
| Very appropriate | 19% |
| Fairly appropriate | 16% |
| Neither appropriate nor inappropriate | 15% |
| Fairly inappropriate | 24% |
| Very inappropriate | 22% |
| Don’t know/no opinion | 4% |
Figures may not add up to 100% due to rounding.
Some respondents considered the current criteria to be appropriate, as they were aligned with the approach taken by other bodies for determining fees and charges payable. It was noted that while there may be other factors that could be taken into account for setting the fees, this could complicate the system and make it less accessible and more confusing to navigate. Some respondents thought that while the criteria were appropriate, Tier 3 needed to be split out further to better capture the largest corporations at the top of this tier.
A number of those who thought the current criteria were inappropriate commented that size was not a good metric for determining the fee payable. They felt the extent, volume and level of risk of data processing activities should be used instead, with those undertaking the highest risk processing and handling large amounts of data having to pay the highest fees. Some respondents also commented that the scope of the tiers was too broad, capturing a diverse group of organisations which was seen as disadvantaging those at the bottom of the tiers.
Government response
Having considered the feedback provided, the government intends to retain the current criteria for determining the fees across the three-tier structure.
The criteria are in line with standard government classifications for micro, small and medium businesses, which take into account the size i.e. number of staff and annual turnover of organisations. As some respondents noted, this aligns with the approach taken by other bodies in setting fees and charges.
While the criteria are not based on factors such as the volume of personal data processed or the level of risk associated with the processing, it does acknowledge that large organisations are generally more likely to process higher volumes of personal data and are therefore expected to draw more heavily on the ICO’s resources than small organisations.
While there may be alternative models that are not size based, introducing and defining clear criteria to assess, for example, the level of risk associated with the processing of personal data, could make the fee structure far more complicated to navigate for fee payers and for the ICO to manage and enforce compliance. It could also require greater administrative effort from all fee payers (which for the majority would be disproportionate to the level of fee required to pay) and could lead to a greater risk of mis-categorisation and therefore instability for the ICO’s funding.
We acknowledge the concerns raised about the breadth of the tiers, which were seen as disadvantaging those at the bottom of the fee bands. The government is committed to ensuring that the criteria for setting the fees are as fair and equitable as possible and will keep the fee structure under review. Retaining the current criteria minimises disruption to both fee payers and the ICO, including the administrative and financial costs inherently associated with implementing a new structure.
5. Views on current exemptions
The consultation asked respondents whether they used an exemption. Overall, 85% of respondents said they do not currently use an exemption, 6% said they currently use one, and 9% said they do not know. Respondents were then asked if they agreed with the proposal to retain the current exemptions from paying the charges. Respondents who did not agree with the proposal were asked to provide further details.
Table 8: views on current exemptions
| Total (n=93) | |
|---|---|
| Yes | 44% |
| Neither agree or disagree | 32% |
| No | 17% |
| Don’t know | 6% |
Figures may not add up to 100% due to rounding.
Some respondents felt that the current exemptions should be revisited. A number of those felt that the exemption for members of the House of Lords, elected and prospective representatives was inappropriate and questioned whether this was justified. It was noted that the exemptions make the system harder to navigate as the circumstances under which a controller might be able to claim an exemption were not always clear. A number of respondents questioned whether the exemption for staff administration, advertising and marketing was justified, as they felt very few organisations would be processing personal data only for those specific purposes and therefore thought the exemption was outdated.
Government response
Upon consideration of the responses, the government intends to retain the current exemptions from the requirement to pay a fee.
The current exemptions ensure that controllers who process personal data solely for these specific exempt purposes are not liable to pay a fee. The majority of controllers benefiting from these exemptions are likely to be sole traders and small businesses. The exemptions therefore seek to minimise, where considered proportionate, financial burdens on these groups, and as such the government is of the view that they continue to be appropriate. It should be made clear that all data controllers need to handle personal data in accordance with the law, regardless of whether or not they are subject to an exemption.
We recognise that some respondents felt that some exemptions were no longer appropriate or justified, including the exemption for members of the House of Lords, elected and prospective representatives. This exemption was introduced in 2019 to avoid barriers to democratic engagement and was supported by 29% consultation of respondents in 2019 (15% opposed it). The government wants to ensure that there are no unnecessary barriers to individuals taking up public roles, also in recognition of the fact that some prospective or elected candidates do not receive substantive remuneration. Whilst we have noted concerns raised regarding this exemption, the government does not consider there to have been sufficient evidence for it to be removed at this time, but we will continue to keep exemptions under review.
6. Views on whether the Direct Debit should be retained
The consultation asked respondents whether they paid the fee by Direct Debit in the past year and sought views from those who did so on how significant the discount was in terms of reducing costs. Respondents were asked if the discount:
a. makes a significant difference
b. makes a small difference
c. does not make a difference at all
d. Does not know/no opinion
60% of respondents said they pay by Direct Debit, 22% said they don’t and 18% didn’t know or it wasn’t applicable.
Table 9: views on whether the Direct Debit should be retained
| Total (n=93) | |
|---|---|
| It makes a significant difference | 25% |
| It makes a small difference | 32% |
| It does not make a difference at all | 41% |
| Don’t know/no opinion | 2% |
A number of respondents felt that any discount was welcome, with two respondents noting its substantial positive impact on micro and sole traders. For the smallest organisations and sole traders, every saving was helpful, and the discount was seen as a means to enable them to further invest in and grow their operations. Some respondents noted the discount was particularly helpful given the current cost of living pressures. A number of respondents viewed the discount as helpful, however it was noted that £5 was largely inconsequential, especially for organisations in Tier 3 who currently pay £2900 in fees. Some appreciated the discount for minimising the risk of forgotten payments and reducing administrative burdens.
Some respondents indicated that the discount was negligible, especially for tier 3 controllers, as it accounted for only 0.01% of the turnover threshold for this fee band. Some felt the discount was too low to make a difference and suggested it would be more appropriate if the discount was more substantial for higher tiers and calculated as a proportion of the fee rather than a fixed amount.
The consultation also sought views on whether the Direct Debit discount should be retained. Respondents were asked if they agreed with the proposal to retain the £5 discount for payment by Direct Debit:
a. Strongly agree
b. Somewhat agree
c. Neither agree nor disagree
d. Somewhat disagree
e. Strongly disagree
f. Don’t know/no opinion
Table 10: views on whether the Direct Debit discount should be retained
| Total (n=93) | |
|---|---|
| Strongly agree | 37% |
| Somewhat agree | 17% |
| Neither agree nor disagree | 18% |
| Strongly disagree | 8% |
| Somewhat disagree | 11% |
| Don’t know/no opinion | 10% |
Figures may not add up to 100% due to rounding.
Among those who agreed with the proposal, one theme about retaining the discount was that even small savings were helpful, particularly for small businesses. The discount was seen as an incentive for Direct Debit payments, making the payment process more efficient and reducing the need for manual processing of payments. It was also noted that the discount ensures payments are not missed. A number of respondents suggested that a larger discount would be more beneficial, with some respondents specifically calling for an increased discount.
Some respondents who disagreed with the proposal argued that fees were already low, and further reductions were unnecessary. It was also noted that some organisations, in particular public bodies, were unable to set up Direct Debits, making the discount inaccessible to them. There were some concerns that retaining the discount causes a loss of revenue for the ICO. Several respondents suggested that the discount should be increased in line with fee increases or automatically included in the fee regardless of the payment method.
Government response
Having considered the feedback provided, the government intends to retain the £5 Direct Debit discount.
The government recognises that the Direct Debit continues to benefit fee payers, especially the smallest organisations, and that it will constitute a payment easement. By incentivizing the use of Direct Debit payments, the discount in turn benefits the ICO by reducing administrative costs and the scope for late or missed payments. On this basis, we believe it is appropriate to retain the Direct Debit discount, but we acknowledge that not all organisations are able to set up Direct Debit payments and therefore cannot benefit from this reduction.
Next steps
The government wishes to thank everyone for submitting their views and comments to the consultation on proposed changes to the data protection fee regime. We welcome the engagement we have received and appreciate the constructive and considered responses submitted.
Having carefully considered all responses, we will take forward legislation to increase the data protection fees payable by data controllers to the Information Commissioner’s Office (ICO) by 29.8%. This will result in the following updated fees:
Table 11: updated fee structure
| tier | current fees | new fees |
|---|---|---|
| 1 | £40 | £52 |
| 2 | £60 | £78 |
| 3 | £2,900 | £3,763 |
We intend to lay legislation in Parliament in January 2025 with a view to bringing the new fees into effect in early 2025.
We thank everyone who took the time to respond to this consultation.