GDPR – ICO Takes Action Against Organisations That Have Failed To Pay New Data Protection Fee

ensure your business is GDPR compliant

The General Data Protection Regulation (GDPR) only came into force 5 months ago, on 25th May 2018, and already the ICO have begun taking action against organisations.

Last month, the Information Commissioner’s Office (ICO) announced that it is taking formal action against 34 organisations under the GDPR, for failing to pay the new data protection fee for 2018. These organisations, that include financial services, recruitment companies and NHS bodies, could face a fine of up to £4,000 should they fail to pay the fee.

A data protection fee is the annual cost that companies must pay to the ICO, and this fee varies between £40 and £2,900 per year. This was also the case under the Data Protection Act 1998. Where organisations that collect and handle personal data had to pay an annual registration fee to the ICO.

Under the General Data Protection Regulation, the yearly fee you pay depends on the size of your organisation. Micro-organisations will pay an annual fee of £40, SMEs (small and medium-sized organisations) will pay a £60 fee, while large organisations will pay £2,900 for the year.

The notices of intent to the 34 organisations were sent last month, and these organisations had 21 days to respond with payment. If they pay the fee, action from the ICO will stop. Failure to pay the fee will result in a fine, which will range between £400 and £4,000, and again, this will depend on the size of your business.


How Ghost Can Help?

If you’re worried about how GDPR will affect your business, you can get in contact with Ghost. Ghost are experienced GDPR experts, and have partnered with our friends at IT Governance to provide GDPR Consultancy, Assessment and Compliance services to local businesses in Essex, Hertfordshire and Cambridgeshire.

Take the first steps towards GDPR compliancy by contacting Ghost IT on 01708 390 370 and speaking directly with one of our data protection experts. You can find out more about our GDPR Consultancy services by visiting our GDPR page.