ICO issues fines for not paying data protection fees
The Information Commissioner’s Office (ICO) issued a statement in September announcing that it had commenced formal action against 34 organisations which had failed to pay the data protection fee.
All data controllers currently have to pay a fee to the ICO unless they are exempt from doing so. This fee was introduced to coincide with the General Data Protection Regulation (GDPR) which came into force in May this year. The fee charged will depend on the size of the organisation with a three tier system in operation. The fee ranges from £35 for very small organisations through to £2,900 per annum for large organisations. It is likely that most pension schemes will fall into the first tier, although this will be confirmed by the ICO when the fee is due.
Those organisations which have failed to pay the fee have received notifications ordering them to pay. Should they refuse to do so, they may receive a fine of up to £4,350.
Those organisations which already have a current registration under the previous data protection regime do not need to pay the new fee until that registration has expired. They will be notified by the ICO as to when this is, whereupon they will need to pay this new fee.
Further information can be found here.