The ICO has started sending letters out to registered companies in the UK that are not paying fees to them. It is important you take note of these since failing to pay when you need to, could result in fines and being publicly named as failing to comply. The ICO notes that it has already fined 340 entities between July and the end of September this year for this violation.
Key facts to be aware of:
- the scope of who must pay fees to the ICO is much wider than the previous notification requirements and there are very few exemptions;
- if you think an exemption does apply, the ICO expects you to notify it via its online form as to why (although frustratingly it doesn't have a similar form for where you believe the fee requirement doesn't apply as opposed to just being able to rely on an exemption);
- if you have several companies in your group, you should consider carefully whether all and not just the most obvious ones should be registered - the ICO is checking ALL registered companies.
We have launched a campaign to contact all registered companies in the UK reminding them of their legal responsibility to pay a data protection fee. The move marks the start of an extensive programme to make sure the Data Protection Fee is paid by all those who need to pay it.