ICO fines for practices who do not pay their registration fees

From 25 May 2018, the Data Protection (Charges and Information) Regulations 2018 required every organisation or sole trader who processes personal information to pay a data protection fee to the Information Commissioners Office (ICO), unless they are exempt. The new data protection fee replaces the previous requirement to ‘notify’ (or register) with the ICO. For most organisations the fee remains unchanged at £35 a year if paid by direct debit.

Make sure you pay your fee to the ICO when it becomes due, as since September 2018, the ICO (Information Commissioners Office) has issued 900 notices of intent to fine to organisations, including GP practices, for non-payment of their registration fee and last month, the ICO also issued the first 100 penalty notices.

If you do not pay then the ICO fine can range from £400 to £4,350. ICO fines are tiered to reflect the size of individual organisations, ie, organisations in the lowest tier (turnover of up to £630,000 or up to 10 employees) can be fined £400 for failing to pay their annual fee. Organisations in the next tier up (turnover of up to £36m or up to 250 employees) can face a £600 fine for failing to pay their annual fee.

The ICO has taken a strong line on non compliance by organisations, stating: “You are breaking the law if you process personal data or are responsible for processing it and do not pay the data protection fee to the ICO”.

It is also worth noting that at the time of paying your registration fee you will need to provide details of your DPO (Data Protection Officer).

Further information is available on the ICO website.

Last updated : 17 Dec 2018

 

Londonwide LMCs conference 2019 round-up (19 Mar 2019)

On 12 March 2019 we hosted our annual conference – titled “All Together Now” - at the Kia Oval. The day was a great success with an array of guest...
Read more »

New ICO advice on handling Subject Access Requests (19 Mar 2019)

The Information Commissioner’s Office (ICO) have recently released a blog containing further advice for GPs and practices on the right of access for patients, commonly called Subject Access Requests (SARs)....
Read more »

Londonwide LMCs’ board changes (15 Mar 2019)

Following elections we would like to welcome Dr Anouska Hari (NW) and Dr Naureen Bhatti (NC/NE) to the board.  Dr Marek Jarzembowski (South), Dr Robbie Bunt (NC/NE), Dr Simon Parton...
Read more »

New BMA locum template terms and conditions (13 Mar 2019)

The BMA GPC and sessional subcommittee have jointly produced model terms of engagement for locum GPs, which they recommend both practices and locums should proactively adopt. It should be noted that...
Read more »

Tips of the month February 2019 (19 Feb 2019)

We provide weekly tips based on common queries which come through to us from London GPs and practice teams. These are shared via social media and collated for...
Read more »

QOF business rules coding issues – update for practice teams (19 Feb 2019)

Please note that no action is currently needed by practices on this matter, but you should read the information carefully. Following the introduction of the SNOMED-CT coding in 2018/19, NHS...
Read more »

Type 2 opt-outs replaced by the national data opt-out (19 Feb 2019)

Type 2 opt-outs have been replaced by the national data opt-out so practices must no longer use the type 2 opt-out code to record a patient's opt-out choice as it...
Read more »

The Data Security and Protection Toolkit (DSPT) – further guidance now available (19 Feb 2019)

The The Data Security and Protection Toolkit (DSPT) replaced the Information Governance toolkit from April 2018. The DSPT is an online self-assessment toolkit that has to be used by all...
Read more »
Next Page »
« Previous Page