ICO applying pressure on organisations who have failed to pay new data protection fee
In September 2018 the Information Commissioner’s Office (ICO) began formal enforcement action against 34 organisations that have failed to pay the new data protection fee. The organisations span both the public and private sectors, including the NHS, recruitment, finance, government and accounting.
The data protection regulator has issued Notices of Intent stating that fines will be applied unless the organisations pay up within 21 days. If they pay, action will stop. Those that ignore the notices or refuse to pay may face a fine of up to £4,350.
To calculate data protection fees, organisations are divided into three tiers based on their size, turnover and whether the organisation is a public authority or charity. For small organisations, with up to ten employees and turnover up to £632,000, the fee won’t be any higher than £40. The fee for organisations with up to two hundred and fifty staff and turnover up to £36 million is £60, and the fee for even larger organisations is £2,900. The fee for the largest organisations is higher because they are likely to hold and process the largest volumes of data and therefore represent a greater level of risk.
Organisations that have a current registration (or notification) under the 1998 Act (prior to 25 May 2018) do not have to pay the new fee until that registration has expired.
The ICO have confirmed that more notices are in the drafting stage and will be issued soon, so our advice is: don’t leave it too late, and take advice as soon as possible on your data protection / GDPR requirements by contacting Lucy Gannon on