More GDPR fines could be on the way for region’s SMEs

Published on Business stage: Scaling, Starting, Unlocking

James Pressley, Head of Corporate and Commercial at Kirwans law firm, explains that the number of penalty notices served on small businesses for failing to pay their data protection fee is being ramped up.

Following the introduction of the GDPR in May 2018, every organisation or sole trader who processes personal information is obliged to pay a data protection fee to the ICO, unless they are exempt. A failure to do so could lead to fines of up to £4,350. But many businesses have still not paid the fee, with a significant number unaware it even needs to be paid; and the ICO are now taking action.

For businesses with less than 10 members of staff or a turnover of less than £632,000, the data protection fee would be £40, but the fine for failing to pay is £400, which is certainly an incentive to pay for a small business. For businesses with fewer than 250 members of staff and a turnover of less than £36,000,000, meanwhile, the data protection fee would be £60, but the fine for non-compliance is £600.

Between January 1, 2019 and March 31, 2019, the ICO had issued 123 fines for failure to pay the data protection fee and the ICO has confirmed that more fines will follow. The ICO is ‘naming and shaming’ the organisations that failed to pay and every month it publishes a list of companies that have been issued a penalty notice for non-payment on its website.

One of the best-known businesses to face the fine so far is famous paint manufacturer Farrow and Ball. They were due to pay a data protection fee of £2,900 by August 9 2018, which they failed to do. The ICO fined Farrow and Ball £4,000 for non-payment on November 28th, 2018.

Farrow and Ball appealed against this decision on the basis that ‘their representative was on holiday at the time’. Rather unsurprisingly, Farrow and Ball’s appeal was dismissed and they had to pay the £4,000 fine on top of their data protection fee of £2,900, which demonstrates that any attempt to defend non-compliance on the basis that it was an innocent mistake just won’t wash.

The data protection fee can be paid through the ICO’s website. Anyone uncertain of whether they need to pay the fee can use the ICO’s self-assessment tool to find out.

Kirwans has offices in Liverpool and Wirral and represents private and commercial clients across the UK. To find out more about Kirwans, visit its website or call 0808 2531 426.

Speak to us

If you’re not sure what sort of help you need, get in touch and we’ll help you work things out.

Leaf Leaf