340 fingered for failing to cough up data protection fee

Norwegian_AirThe Information Commissioner’s Office is continuing to come down hard on companies which are failing to pay their data protection fees, after dishing out fines totalling £145,800 to 340 non-payers between July and September this year, including Norwegian Air UK.

The vast majority of defaulters (333 organisations) have been issued with a £400 penalty, although three have had to cough up £600 and a further four have been hit for £4,000.

Health companies dominate the “list of shame”, with 119 firms, followed by finance, insurance and credit (450) and general business (28).

Under the new structure, introduced under GDPR, organisations with fewer than 10 staff pay £35 as long as they pay by direct debit, SMEs are charged £60, and those with more than 250 staff or a £36m-plus turnover pay £2,900 a year.

In November last year, the regulator said it had sent over 900 “notices of intent” to fine companies who had failed to cough up, but refused to name them. In April this year, 90 companies which were issued with fines were named on the ICO website, including household brands Reckitt Benckiser, Coty UK, Prezzo, Caterpillar, and Condé Nast.

Upmarket paint and wallpaper manufacturer Farrow & Ball took its case to appeal to try to overturn its fine, arguing, among other things that the person responsible for paying the fee was “on holiday”.

However, the appeal was thrown out and ICO deputy chief executive Paul Arnold said at the time: “[The ruling] sends a further message, loud and clear, that there is no excuse for non-payment. Data controllers are given adequate opportunity to pay the fee to the ICO before they are issued with a fine. Being on holiday is no excuse.

“We consider any reasonable representations from organisations in response to our notices of intent to serve a penalty. If you haven’t paid the fee before, you can find out if you are required to using our self-assessment form. If you have already paid and want to check your renewal date, you can also do that via the register of data controllers.”

All fines recovered do not go to the ICO, they go to the Treasury’s Consolidated Fund.

Related stories
Brands ‘have no excuse’ to ignore data protection fee
Top brands savaged for not paying data protection fee
Over 900 face fines for not paying data protection fees
ICO launches crackdown as firms fail to pay new fees
Big firms shoulder burden as new ICO fees are revealed
ICO stirs hornet’s nest with plans for huge rise in fees

Print Friendly