GDPR – Not Another Y2K Damp Squib
Many have queried whether the hype surrounding the implementation of the GDPR and the "reforms" to our Data Protection regime was all bluster and scaremongering.
That is not the case according to the Information Commissioner's Office (ICO), which announced on 26 September 2018 that it had commenced formal enforcement action against 34 organisations that had failed to pay the new data protection fee. The fee arises under the Data Protection (Charges and Information) Regulations 2018, which require all organisations that process personal data to pay a scaled fee to the ICO unless they are exempt.
The 34 notices of intent were sent in September 2018 to a range of organisations across both the public and private sectors including the NHS, recruitment organisations, and financial services. The ICO has also stated that more notices are in the drafting stage and will be issued shortly. The organisations have 21 days to respond to the notices. If they pay the relevant fee, no further enforcement action will be taken.
A failure to respond to an enforcement notice or refusal to pay could result in a fine from £400 to £4,000 depending on the size and turnover of the organisation.
This message serves as a warning that the GDPR was not a passing trend and organisations should consider how they implement data protection, and whether that complies with the "new" regime.