The Information Commissioner’s Office (ICO) announced last week that has issued fines to over 100 businesses across the financial, manufacturing and business service sectors for failing to pay their data protection fee to the ICO.
The fee could be as little as £35 per year but the fine could be up to £4,350 depending on the size and turnover of the organisation. For small businesses with five to ten employees, the fees could be between £400 and £600 - less than the cost of an annual subscription to Astrid!
What’s more striking about the ICO’s announcement is that the regulator has already issued over 900 ‘notices of intent to fine’ to businesses since September. It looks like the first 100 fines are just the beginning of a campaign by the ICO to get organisations to pay their data protection fees
Why is the ICO pursuing these fees?
Paul Arnold, Deputy Chief Executive Officer is quoted as saying: “You are breaking the law if you process personal data or are responsible for processing it and do not pay the data protection fee to the ICO. We produce lots of guidance for organisations on our website to help them decide whether they need to pay and how they can do this."
Added to that, the ICO makes very clear that its own work is funded by the income from data protection fees (fines don’t go to the ICO, they go to the Treasury). ICO income statements show that they forecast around £40 million income from data protection fees this year. That may sound like a lot but with 5.7 million businesses registered in the UK in 2017, it’s a drop in the ocean. We can’t be sure how many of these businesses were eligible to pay a data protection fee but if we take a conservative guess that 50% of them should pay the £35 minimum fee then the ICO’s income would be more like £100 million.
Could my business be next?
The Information Commissioner, Elizabeth Denham, has been consistently clear that she expects all businesses using personal information to put the right systems in place to protect that information. Focusing businesses on paying their fees gives the ICO more income to carry out its enforcement work. It is now a matter of time before the ICO starts to look at businesses in more detail to see what data protection measure they have in place.
If you are unsure about what your company should do, Astrid can help. Astrid explains everything you need to have in place and guides you through collecting the right evidence to prove you are meeting the requirements of the Data Protection Act 2018 and GDPR.
Sign up for your account today and start your subscription to Astrid for as little as £225 a year. It is just possible you could save your business from a significant fine!
Protect your business - become and remain GDPR compliant with Astrid