GDPR Update

As you are no doubt aware, from all of the publicity at the time, the General Data Protection Regulations (GDPR) came into force on 25 May 2018.  The GDPR impose various heightened regulations upon organisations in relation to processing of personal data.

One of the new requirements is that organisations must pay a Data Protection Fee to the Information Commissioners Office (ICO) which is used to fund the ICO’s work and the services that it offers, such as the ICO advice line, online resources and new guidance on GDPR.

The ICO has recently served 34 Notices of Intent (‘Notices’) to organisations across both the public and private sector including the NHS, recruitment organisations, financial services and government departments.  The ICO has advised that it is preparing more Notices which will be issued shortly.  Organisations have 21 days to respond to a Notice and pay the fee.  If they do not, further enforcement action will be taken.  Failure to respond to an enforcement notices or refusal to pay the fee could result in a fine of between £400.00 to £4,000.00 depending on the size and the turnover of the organisation.

The regulations require all organisations that process personal data to pay the relevant fee, save for some exemptions.  There is a helpful tool on the Information Commissioners Office’s website which you can use to establish whether or not the fee is payable by your organisation.

Paul Robinson Solicitors LLP can assist you with the preparation of are available to take instructions on the drafting of GDPR related documentation such as privacy notices and internal policies.  It is critical that you have such documentation in place to ensure your compliance with GDPR.

If you require any assistance in relation to GDPR please do not hesitate to contact Ana James-Pittau on 01702338338 or ajames-pittau@paulrobinson.co.uk.