13 May

No excuses for non-payment of Data Protection Fees says ICO

UK organisations are required to pay the Information Commissioner’s Office (ICO) an annual data protection fee unless they are exempt. The fee payable depends on the tier of the organisation, and ranges from £40 to £2,900.

Companies could also be fined a massive £4,350 if “aggravating factors” are present, and the funds thus recovered go not to the ICO, but to the Treasury.

Organisations who process individuals’ data are required to pay the fee, which funds the ICO’s activities.  Large organisations are charged more because they are likely to process more data.

Penalty notice

The ICO has so far issued a penalty notice to more than 100 organisations for failing to pay their data protection fee. which came into force this year to fund the GDPR’s broad regulatory approach.

Companies making excuses for failing to pay this fee may not be accepted by the ICO as a reason why they didn’t pay the fee.

No excuses

This was more than evident recently when the luxury paint and wallpaper company Farrow & Ball Limited was issued with a £4,000 penalty for its failure to pay the £2,900 data protection fee required of a tier 3 organisation.

Farrow & Ball appealed this penalty notice at the First Tier Tribunal in March this year on the basis that its failure to pay was an innocent mistake, as:

  • the ICO’s reminder was sent when the relevant individual was on holiday;
  • the reminder was not identified as important internally;
  • Farrow & Ball contacted the ICO promptly once the failure was identified and paid the fee immediately; and
  • Farrow & Ball has put procedures in place to ensure it will not happen again.

Appeal

However, in its first ruling of an appeal against such a notice, the Tribunal held that Farrow & Ball did not have a reasonable excuse for non-compliance as a “reasonable controller” would have systems in place to comply with the 2018 Regulations and there was no particular difficulty or misfortune which explained Farrow & Ball’s departure from the expected standards of a “reasonable controller”.

There was no evidence of financial hardship or other reason for the ICO’s discretion to be exercised differently. The penalty notice was therefore upheld.

Subject to any further appeal by Farrow & Ball, it is likely that a similar approach will be taken by the Tribunal in any appeals brought in future.

Paul Arnold, ICO Deputy Chief Executive Officer/Executive Officer said

“Last year we began for non-payment of the data protection fee, sending out a clear message that those who didn’t pay risked a fine.

“We stepped that up earlier this year when we began identifying organisations which had been issued with a fine, as well trend reports to show which sectors had been issued with fines.

“The recent dismissal of the first appeal of a fine for non-payment of the fee by Farrow and Ball sends a further message, loud and clear, that there is no excuse for non-payment.”

Data protection law expert Kathryn Wynn of Pinsent Masons, the law firm behind Out-Law.com, said “Altogether, the ICO’s announcements and enforcement action amount to a concerted campaign and it demonstrates its willingness to clamp down on companies that fail to pay the data protection fee.

“Businesses that have not yet done so should examine whether they are eligible for an exemption from the fee and, if not, complete the process of payment promptly.”

 

 

 

LATEST NEWS

BENEFITS

  • Feature
    No set up fee
  • Feature
    Maintain compliance
  • Feature
    Save time and resources
  • Feature
    Certified GDPR experts
  • Feature
    Protect your reputation
  • Feature
    Protect your business
THE COMBINATION OF GDPR CERTIFIED SPECIALISTS AND COMPLIANCE EXPERTS, BACKED BY OUR PROPRIETARY iCaaS SOFTWARE PLATFORM DELIVERS THE MOST EFFECTIVE GDPR COMPLIANCE, ANYWHERE.
Photo

Pricing

Check out our most popular packages to assist your business to achieve 100% GDPR compliance
  • PAY MONTHLY
  • PAY IN ADVANCE
    ONE MONTH FREE
24/7 portal access

30 minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP Analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Subject Access Request management

Certificate of GDPR awareness

Automated legislation and ICO updates

Extensive FAQs

1 authorised user

Instant access

£49 PER MONTH

Buy Now

£539

Buy Now
GET INSTANT PORTAL ACCESS
24/7 portal access

120 minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Bespoke privacy policy creation

Subject Access Request management

Certificate of GDPR awareness

Automated legislation and ICO updates

Data breach support

Extensive FAQs

Up to 4 authorised users

Instant access

£99 PER MONTH

Buy Now

£1089

Buy Now
GET INSTANT PORTAL ACCESS
24/7 portal access

240+ minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Bespoke privacy policy creation

Subject Access Request management

Certificate of GDPR awareness

Advanced DPIA guidance

Proactive project plan tracking

Automated legislation and ICO updates

Enhanced data breach notification support

Extensive FAQs

Up to 10 authorised users

CONTACT US

Get In Touch
PRICE ON APPLICATION

INTERESTED...
TRY OUR DEMO

No need to wait. Log in straight away and take a look at our easy-to-use online portal 24/7.

ONLINE DEMO

HAVE ANY
QUESTIONS?

Our team of GDPR experts are here to offer you pre sales advice to help you choose the right package.

READY TO
GET STARTED?

Wherever you are, our solution helps you reach and maintain compliance.

BUY NOW

Get in
Touch

ADDRESS

8 Elmwood, Chineham Park,
Basingstoke, RG24 8WG

CONNECT WITH US