March 24, 2019

March 22, 2019

Subscribe to Latest Legal News and Analysis

March 21, 2019

Subscribe to Latest Legal News and Analysis

Have you Paid your Data Protection Fee

The Data Protection (Charges and Information) Regulations 2018 came into force in May 2018. Generally, these Regulations mean that Controllers must pay the ICO an annual data protection fee unless they are exempt. The exemptions are relatively limited. The requirement to pay an annual fee replaces the previous requirement to register with the ICO. The fee ranges from £40 to £2900, depending on the tier of organisation. The fee helps to fund the ICO.

In September, the ICO sent over nine hundred letters of intent to organisations that had not paid their fee. The ICO has now announced that it is issuing penalty notices and fining over one hundred of those businesses for failing to pay their data protection fee.

The fines range from £400 to £4000. An additional £350 can be added where specific aggravating factors are present, making the total maximum fee £4350. Organisations will have 28 days to pay their fine and comply with the terms of the notice. Failure to pay within that time may lead to further legal action. Construction and finance companies have been the first sectors in the ICO’s focus.

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Emaa Yaltaghian Squire PB Data Privacy Lawyer

Emma Yaltaghian is a member of our Data Privacy & Cybersecurity team. Emma advises clients on all aspects of compliance with the EU GDPR and UK Data Protection Act 2018, as well as the EU ePrivacy rules.

Emma also assists the EMEA Communications Practice by providing regulatory advice.

Emma has successfully project managed numerous data protection compliance projects, including conducting detailed gap analysis and remediation.

Emma has advised clients in data breach scenarios, including cross-border data breaches. She has also advised on whether or not notification...

+44 20 7655 1515