GDPR – Don’t forget to pay
One feature of the GDPR is that organisations are no longer required to register with the Information Commissioner’s Office (ICO) – but there is still an obligation to pay an annual fee. And the ICO is already taking action against organisations that have failed to pay.
The obligation to make the annual payment arises for each organisation 12 months after it made its last annual notification under the Data Protection Act – and on each anniversary of that date.
The fees payable vary according to size, turnover and status (e.g. charities) and range from £35 to £2,900.
The ICO has already begun formal enforcement action against 34 organisations that have failed to pay the fee. The ICO has sent those organisations notices of its intention to fine them unless they pay. The maximum fine is £4,350. It is reported that the ICO has more notices ready to send to other organisations that are late in paying the fees.
Payment can be made by direct debit, which will eliminate the risk of fines for forgetting to pay.
If you have questions, we can help. Please get in touch.