In a move that gives some useful insights into the Information Commissioner’s Office (ICO)’s approach on fines the body has announced that it has begun formal enforcement action against organisations that have failed to pay the new data protection fee.
Organisations have 21 days to respond to the notices. If they pay, action will stop. Those that ignore the notices or refuse to pay may face a fine ranging from £400 to £4,000 depending on the size and turnover of the organisation. Aggravating factors may lead to an increase in the fine up to a maximum of £4,350.
The money raised from the fee is used to fund the ICO’s operations and was established by Data Protection Regulations 2018 that came into force on 25 May to coincide with the new Data Protection Act (2018) and the General Data Protection Regulation.
The ICO release contains full details