For years we have been warning clients who register trade marks that they might receive a letter out of the blue from an official sounding organisation asking them to pay a registration fee. It's a common speculative invoicing scam. The fraudsters see that you have registered a trade mark (the registry is public) and then send a letter/invoice hoping that it will be sent on to the company's accounts department for payment without being studied too closely. If you do look at it closely, it's usually a request for a payment for inclusion on some completely unnecessary, invented registry.
Unfortunately, we may have done too good a job at educating our clients to be alive to this scam. The Information Commissioner's Office (a very real organisation) has started writing to companies speculatively to ask if they are registered with them as a Controller of personal data. And we have received reports of client's tearing up the letters thinking they were a try-on!
It is in fact the law that companies must register with the ICO and pay the annual registration fee if they are a Controller of personal data and they are not exempt from registration. There's a helpful self-assessment questionnaire on the ICO's website that you can use to find out if you are exempt.
So, if you receive a letter from a certain supervisory authority with an aversion to capitalising its initials, please do take it seriously. If you are not exempt and you fail to register, you could be required to pay a significant fine.
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/12/the-data-protection-fee-does-your-company-need-to-pay/Under the Data Protection Act 2018 organisations processing personal information are required to pay a data protection fee unless they are exempt.