The Information Commissioner’s Office (ICO) has commenced enforcement against 34 organisations that have failed to pay the new data protection fee following the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018.
All organisations must pay a fee to the ICO if they process personal data, unless an exemption applies, with fees used to fund the ICO.
The 34 enforcement notices were sent in September 2018 to a range of organisations across both the public and private sectors including the NHS, recruitment organisations, financial services and government departments.
The ICO has stated that more notices will be issued shortly. The organisations have 21 days to respond. If they pay the relevant fee, no further enforcement action will be taken.
Depending on the size and turnover of the organisation, failing to respond to an enforcement notice or refusing to pay could result in a fine from £400 to £4,000.