The ICO has recently announced that it had issued its first fines to organisations for non-payment of the data protection fee.
The fees were introduced under the Data Protection (Charges and Information) Regulations 2018 and all organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350.
There are three different tiers of fee and controllers are expected to pay between £40 and £2,900. However, not all controllers must pay a few, many are exempt.
The tier you fall into depends on:
- How many members of staff you have;
- Your annual turnover;
- Whether you are a public authority;
- Whether you are a charity; or
- Whether you are a small occupational pension scheme.