Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsFirst Fines of 100 Data Controllers Over UK Data Protection Fee
Organizations have not been paying the annual data protection fee levied on data controllers that pays for work done by the United Kingdom’s Information Commissioner’s Office (ICO). More than 900 notices of intent to fine organizations for non-payment have been sent in the last three months, according to the data protection authority.
The ICO notice at the end of November indicated that these organizations were fined for not renewing their fees following their expiration and that more fines will follow this “first round”.
The data protection fee due to ICO ranges from 40 pounds to 2,900 pounds (with the maximum fee reserved for large organizations). The Tier 3 fee is for organizations that have more than 36 million pounds in turnover for the financial year or more than 250 members of the staff. All data controllers are considered to be in tier 3 unless they inform the ICO otherwise.
Unless an exemption applies, the fee is payable by all data controllers operating in the UK. Exemptions are available for those organizations that are processing personal data only for staff administration, advertising/marketing/public relations, accounts and records, not-for-profit purposes, personal or family affairs, maintaining a public register, judicial functions or processing without an automated system such as a computer.
The new schedule of data protection fees for data controllers went into effect in May along with the General Data Protection Regulation (GDPR). Prior to GDPR in May, there was a registration requirement with a fee of either 35 or 500 pounds depending on size and turnover of the organization.
The fines for businesses that do not qualify for an exemption and do not pay range up to 4,350 pounds if aggravating factors apply. The changes which went into effect also made fines for nonpayment a civil monetary penalty rather than criminal sanction.
The data protection fee funds the work of the ICO. The DPA now employs 670 staff to investigate complaints and data breaches, provide guidance on data protection obligations, and complete other regulatory work.
More Blog Posts from Clarip:
Prep for a GDPR Split via a No Deal Brexit
EU Issues Opinions on Adequacy of Japanese Data Protections
EU and Japan Recognize Reciprocal Adequacy of Data Protection Laws
The UK’s Brexit White Paper on Data Protection
Improve Data Privacy for GDPR or CCPA with Clarip
The Clarip team and enterprise privacy management software are ready to meet your compliance automation challenges. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If compliance with the California Consumer Privacy Act is your focus until 2020, ask us about our CCPA software. Handle automation of data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with the consent management software.
Need to improve your GDPR compliance solution? Clarip offers modular GDPR software that can fill in gaps in your privacy program. Choose from the data mapping software for an automated solution to understanding your data collection and sharing, conduct privacy risk assessments with DPIA software, or choose the cookie consent manager for ePrivacy.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
