Where's my money?! UK Info Commish squeezes data controllers while brandishing £4,350 fine
Orgs failing to pay fee will get smacked with further penalty
The UK's privacy watchdog has slapped down 34 organisations that haven't paid fees under the country's new data protection regime.
Since May, data controllers – organisations or people that define how and why personal data is processed – have been required (PDF) to pay increased charges to the Information Commissioner's Office (ICO).
But, according to the ICO, a number haven't handed over the cash – which could be anything between £40 and £2,900 depending on the size of the company. It is now chasing them down, threatening a £4,350 fine if they don't pay up.
Deputy CEO Paul Arnold said he expected organisations would pay up once they received the notices of intent to fine, but added that the ICO "will not hesitate to use our powers if necessary".
Organisations on the naughty step include NHS and government bodies, along with firms in recruitment, finance and accounting.
They will have 21 days to respond and if they refuse to pay or ignore the missive, they could be fined between £400 and £4,000. The ICO can tack on extra charges for aggravating factors, taking the total fine up to £4,350.
Under the UK's previous regime, controllers had to register with the ICO and pay a fee of £35 or £500 depending on the firm’'s size and turnover. Failure to pay was a criminal offence.
New data protection legislation that came into force in May made non-payment a civil offence, as well as boosting the charges.
The fees work on a tiered structure based on staff numbers and maximum turnover: organisations with fewer than 10 staff pay £40, SMEs pay £60 and those with more than 250 staff or a £36m-plus turnover have to pay £2,900.
Unlike fines for dodgy data practices, this cash goes into the ICO’s coffers, and is used to fund its actvities – so it’s not surprising the overworked body is keen to slurp up the cash. ®