Financial services companies, NHS bodies and recruitment companies are among 34 organisations that could be fined for failing to pay the new data protection fee, the UK's data protection watchdog has said.01 Oct 2018
The Information Commissioner's Office (ICO) announced that it has served each of the organisations with a notice of intent to fine them should they fail to pay the fee it has said they owe within 21 days. A maximum fine of £4,350 could be levied for non-payment, it said.
Organisations responsible for how personal data is handled are generally obliged to pay a data protection fee each year to fund the monitoring of compliance and enforcement of data protection law in the UK.
A rate of £40 for micro organisations, £60 for small and medium organisations, and £2,900 for large organisations applies, with the fee payable by all data controllers operating in the UK, unless an exemption applies. The ICO issued guidance on the topic of the data protection fee earlier this year.
Paul Arnold, the ICO's deputy chief executive, said: "We expect the notices we have issued to serve as a final demand to organisations and that they will pay before we proceed to a fine. But we will not hesitate to use our powers if necessary. All organisations that are required to pay the data protection fee must prioritise payment or risk getting a formal letter from us outlining enforcement action."
The ICO said that it is currently drafting further notices of intent to fine other organisations for failure to pay the data protection fee.