Figuring out when to pay the data protection fee can be confusing. In this post, we’ll help you understand when to pay and how to do it. We’ll also discuss some of the exemptions from the fee. Stay tuned!
When to Pay Data Protection Fee?
The data protection fee is paid by all companies that are subject to the General Data Protection Regulation (GDPR). It is an annual fee that must be paid to the Information Commissioner’s Office (ICO).
The ICO has reported that more than 3,000 data protection audits have been carried out in the UK. Over 500 businesses have already paid their data protection fee since the GDPR came into force on 25 May 2018.
Moreover, the ICO has also reported that fines of £70m were issued in the first 6 months of GDPR implementation, which is 5 times higher than the figure issued in the previous year.
Data Protection Payment
If you are a business or organization that processes personal information on individuals, you must pay the data protection fee. There are different rates based on your organization’s size and turnover. The ICO has published guidelines on how much a business or organization should pay as a data protection fee.
You must also pay the data protection fee if your business is not in compliance with GDPR. This could be for reasons such as improper handling of personal information, non-adherence to data subject rights, or a lack of accountability for processing activities.
In such cases, the ICO can impose a fine on your business or organization. The fine may be as high as £17 million (4% of worldwide turnover) for regulated sectors and £500,000 (2% of worldwide turnover) for non-regulated sectors.
According to the ICO, there are more than three million businesses and organizations in the UK that are required to pay the data protection fee. The ICO will use the revenue generated from this fee to fund its operational costs and its enforcement activities to ensure compliance with GDPR.
Payment Methods
You are required to pay the data protection fee before 27 November 2018. The payment can be made by credit card, debit card, electronic bank transfer, cheque, or postal order. You can also pay via BACS or CHAPS.
If you are unable to pay online, you can send a cheque or postal order to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
If more than one person is nominated as the data controller for a business or organization, all such persons are jointly and severally liable for payment of the fee. However, if the nominated person is a non-profit making body that does not have a turnover that exceeds £10 million, then it does not need to pay the fee if it is not in compliance with GDPR.
However, if an organization is required to pay more than £35 thousand as a penalty in a particular year, it will have to pay an annual fee of £3 thousand from the following year onwards. If you are in the process of establishing your business or organization in the UK and want to know more about GDPR compliance, you should contact our GDPR experts.