[BreachExchange] Er, we have 670 staff to feed now: UK's ICO fines 100 firms that failed to pay data protection fee

Destry Winant destry at riskbasedsecurity.com
Fri Nov 30 08:30:26 EST 2018


https://www.theregister.co.uk/2018/11/29/fines_slapped_on_companies_that_havent_paid_data_protection_fee/

More than a hundred firms have been fined for failing to pay fees that
the UK's overstretched data protection watchdog needs to feather its
nest.

Since May, data controllers – orgs that define how and why personal
data is processed – have been required to pay higher fees to the
Information Commissioner's Office.

If they don’t, the ICO can fine them up to £4,000, and they are able
to levy an extra £350 on the most egregious cases.

The body has been sending out warning letters to companies that
haven't made the payment, with more than 900 issued.

Today it announced it was issuing 100 of these bad apples, in the
business services, construction and finance sectors, with monetary
penalties.

"More fines are set to follow," the ICO added.

The body has a vested interest in these data protection fees because –
as opposed to the fines it hands out for breaches of data protection
laws – that cash goes straight back into its coffers.

The money is to fund the ICO's work investigating data breaches and
complaints, its advice line and other resources it offers to
organisations and the public.

"The ICO has grown over the last two years to meet its wider data
protection remit and responsibilities following GDPR. It now employs
670 staff," it said, pointedly.

Deputy CEO Paul Arnold said the ICO had made "numerous attempts" to
bring in the fees using a "robust collection process" and warned those
who have been fined must pay within 28 days or risk further legal
action.

He said organisations are breaking the law if they process personal
data, or are responsible for processing it, and don't pay the fee.

The fees work on a tiered structure based on staff numbers and maximum
turnover: organisations with fewer than 10 staff pay £40, SMEs pay £60
and those with more than 250 staff or a £36m-plus turnover have to pay
£2,900.

The fines are tiered too, up to £400, £600 and £4,000, respectively.

