ICO issues first fines for non-payment of fee

ICO issues first fines for non-payment of fee

The ICO has recently announced that it had issued its first fines to organisations for non-payment of the data protection fee.

The fees were introduced under the Data Protection (Charges and Information) Regulations 2018 and all organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350.

There are three different tiers of fee and controllers are expected to pay between £40 and £2,900. However, not all controllers must pay a few, many are exempt.

The tier you fall into depends on:

  • How many members of staff you have;
  • Your annual turnover;
  • Whether you are a public authority;
  • Whether you are a charity; or
  • Whether you are a small occupational pension scheme.

The ICO have created a useful guide and an online self-assessment tool to assist small businesses with questions around the data protection fee.

As always, if you have a legal query please get in touch with the FSB Legal Helpline on 0345 0727727 and we'll be happy to assist you.