Posted by Mei-Ling Huang, Partner
Care homes – have you paid your data protection fee?
The Information Commissioner’s Office (ICO) has begun formal enforcement action against care homes that have failed to pay the data protection fee (the Fee).
The Fee was set by the Government as part of the new wave of data protection legislation that came in to force in May this year, the purpose of which is to ensure the ICO is adequately funded so that it can carry out its work in upholding the privacy and data protection rights of individuals across the country.
Under the new data protection legislation, all organisations that process personal data must pay the Fee to the ICO. The size of the Fee will depend on which tier the organisation in question falls into based on its size, turnover and whether it is a public authority or a charity.
The Fee will range from £35 for very small organisations to just under £3,000 for larger organisations on the basis they will hold and process much larger volumes of data. Once the Fee has been paid, the organisation will be listed on the ICO’s register of data controllers.
Enforcement action against care homes
The ICO has identified that the care home sector is currently under-represented on the register and as the data that is processed by care homes is particularly sensitive (often relating to care home users’ medical conditions), there are no exemptions to paying the Fee which care homes can rely on which would account for this under-representation.
The ICO has sent notices of its intent to fine the care homes in the event they do not pay the fee. The Deputy Chief Executive Officer at the ICO, Paul Arnold, has indicated that these notices will serve as a final demand for payment and as such, if they are ignored by care homes, the ICO is likely to issue a fine. More than 100 organisations have recently been fined (across a range of sectors) for non-payment of the Fee which shows that this is a matter the ICO is taking very seriously.
What should you do if you receive a notice from the ICO?
Care homes have 21 days to respond to the notices so it is important that you act fast. If the fee is paid within the set timeframe then it is likely the ICO will stop any enforcement action and not issue a fine.
In the event a fine is issued, the amount will depend on the size and turnover of the care home and aggravating factors may lead to the fine being increased. It is also important to note that failure to pay the Fee is a civil offence under the new data protection legislation.
As such, if you receive a notice from the ICO, you should contact our privacy team and we will be able to support you in responding to the ICO as soon as possible.
If you have any enquiries please contact our Dispute Resolution team on:
0800 182 2469 Email us
Minimise the impact with our dispute resolution solicitors