Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

ICO enforces the data protection fee

Financial services companies, NHS bodies and recruitment companies are among 34 organisations that could be fined for failing to pay the new data protection fee, the UK's data protection watchdog has said.01 Oct 2018

The Information Commissioner's Office (ICO) announced that it has served each of the organisations with a notice of intent to fine them should they fail to pay the fee it has said they owe within 21 days. A maximum fine of £4,350 could be levied for non-payment, it said.

Organisations responsible for how personal data is handled are generally obliged to pay a data protection fee each year to fund the monitoring of compliance and enforcement of data protection law in the UK.

A rate of £40 for micro organisations, £60 for small and medium organisations, and £2,900 for large organisations applies, with the fee payable by all data controllers operating in the UK, unless an exemption applies. The ICO issued guidance on the topic of the data protection fee earlier this year.

Paul Arnold, the ICO's deputy chief executive, said: "We expect the notices we have issued to serve as a final demand to organisations and that they will pay before we proceed to a fine. But we will not hesitate to use our powers if necessary. All organisations that are required to pay the data protection fee must prioritise payment or risk getting a formal letter from us outlining enforcement action."

The ICO said that it is currently drafting further notices of intent to fine other organisations for failure to pay the data protection fee.