It has recently been reported that the ICO has resorted to issuing fines to organisations that have not paid their fee after several attempts to collect. Failure to pay the data protection fee is now a civil offence under the GDPR; previously this was a criminal offence under the Data Protection Act 1998. All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Organisations that have a current registration (or notification) prior to 25 May 2018 do not have to pay the new fee until that registration has expired.
The fees and fines are:
- Tier 1 – micro-organisations. Maximum turnover of £632,000 or no more than 10 staff. Fee £40. Fine £400.
- Tier 2 – SMEs. Maximum turnover of £36 million or no more than 250 staff. Fee £60. Fine £600.
- Tier 3 – large organisations. Those not meeting Tier 1 or 2. Fee £2,900. Fine £4,000.
There is a £5 discount for payments by direct debit.
Checklist for Schools and Academies
- Have you adopted a DPO?
- Are you aware of your obligations as a Data Controller?
- What policies have you adopted?
- What data protection training has been provided to staff?
- What would you do in the event of a breach?
- Are you registered with the ICO?
If you don’t have a DPO or don’t know where to start, please do give Ben Cain at FusionHR a call and he can discuss our DPO service for your organisation.