"Many businesses have still not paid the fee, with a significant number unaware it even needs to be paid and the ICO are now taking action."
The number of penalty notices served on small businesses for failing to pay their data protection fee is being ramped up, a leading solicitor has warned.
James Pressley, Head of Corporate and Commercial at Kirwans law firm, said that many businesses have still not paid the fee, with a significant number unaware it even needs to be paid; and the ICO are now taking action.
Since the introduction of the GDPR in May 2018, every organisation or sole trader who processes personal information is obliged to pay a data protection fee to the ICO, unless they are exempt. A failure to do so could lead to fines of up to £4,350.
Jmes said: “For businesses with less than 10 members of staff or a turnover of less than £632,000, the data protection fee would be £40, but the fine for failing to pay is £400, which is certainly an incentive to pay for a small business.
“For businesses with less than 250 members of staff and a turnover of less than £36,000,000 the data protection fee would be £60, but the fine for non-compliance is £600.”
Between January 1, 2019 and March 31, 2019, the ICO had issued 123 fines for failure to pay the data protection fee and the ICO has confirmed that more fines will follow.
“The ICO is ‘naming and shaming’ the organisations that failed to pay and every month it publishes a list of companies that have been issued a penalty notice for non-payment on its website,” said James.
“One of the best-known businesses to face the fine so far is famous paint manufacturer Farrow and Ball. They were due to pay a data protection fee of £2,900 by August 9 2018, which they failed to do. The ICO fined Farrow and Ball £4,000 for non-payment on November 28, 2018.
“Farrow and Ball appealed against this decision on the basis that ‘their representative was on holiday at the time’. Rather unsurprisingly, Farrow and Ball’s appeal was dismissed and they had to pay the £4,000 fine on top of their data protection fee of £2,900, which demonstrates that any attempt to defend non-compliance on the basis that it was an innocent mistake just won’t wash.”
The data protection fee can be paid through the ICO’s website. Anyone uncertain of whether they need to pay the fee can use the ICO’s self-assessment tool to find out.