ICO are fining care homes for failure to pay new data protection fee

The Information Commissioner’s Office (ICO) has started to take action against care homes for failure to pay the data protection fee. Notices of their intent to fine the businesses have been sent and those that do not pay could face a maximum fine of £600.

The first fines have been sent to more than 100 organisations across a range of sectors for non-payment of the fee. Providers have 21 days to respond to the notice and once they pay, action will stop.

The fees and fines are as follows:

    • Tier 1 – micro organisations. Maximum turnover of £632,000 or no more than ten members of staff. Fee: £40 Fine: £400
    • Tier 2 – SMEs. Maximum turnover of £36million or no more than 250 members of staff. Fee: £60 Fine: £600
    • Tier 3 – large organisations. Those not meeting the criteria of Tiers 1 or 2. Fee: £2,900. Fine £4,000

Providers need to be aware that due to the highly sensitive nature of the information they process, they are not exempt from these fines.