Here's what you need to know.
When GDPR came into effect, it brought with it the Data Protection Fee, which most organisations have to pay. Failure to cough up the cash, it said, would result in a monetary penalty of several thousand pounds. This week, Data Protection Fee fines became a reality.
Over the past few months, the Information Commissioner's Office (ICO) has sent out more than 900 letters to companies that haven’t paid the money they owe (which can range from £40 to £2,900, depending on the size of their workforce and their annual turnover), demanding the cash. On 28th November 2018, the ICO announced that it had fined a hundred of these businesses for non-compliance. More would follow, it said in its announcement.
Like the fee itself, the Data Protection Fee fines vary according to the size and turnover of the offender, starting from £400 and going right up to £4,000. A further £350 may also be added if there are aggravating factors.
Why Do Data Protection Fee Fines Exist?
The ICO is completely open about the reasons for the fines:
“The money collected from the data protection fee funds the ICO’s work to uphold information rights such as investigations into data breaches and complaints, our popular advice line, and guidance and resources for organisations to help them understand and comply with their data protection obligations. The ICO has grown over the last two years to meet its wider data protection remit and responsibilities following GDPR. It now employs 670 staff.”
Without money from the Data Protection Fee, the ICO would not be able to enforce GDPR effectively, and with so many extra staff to pay for, it’s understandably irked by businesses that don’t pay their way.
Should You Pay The Fee?
If you don’t want to pay a Data Protection Fee fine, then you should pay the Data Protection Fee, if you’re required to. The real question, then, is whether you meet the criteria or whether you’re exempt.
As our previous blog post on this subject explained, most organisations that process personal data should be paying the fee, so if you’re in any doubt about what you should be paying, contact the ICO helpline on 0303 123 1113.
Is your cyber security GDPR compliant? Contact TMB on 0333 900 9050 to arrange a comprehensive cyber security audit.