Automated Summary
Key Facts
Bright Bee Communications Ltd, a data controller under the Data Protection Act 2018, failed to pay the data protection fee and provide required information by 19 June 2018. The Information Commissioner served a Notice of Intent on 21 November 2018 and a Penalty Notice of £400 on 18 February 2019. The Appellant appealed, claiming it did not receive the Notice of Intent (sent to its registered office address) and did not understand an email reminder sent on 4 June 2019. The Tribunal dismissed the appeal, finding the Appellant had no reasonable excuse for the default and confirmed the penalty.
Issues
The tribunal determined the Appellant lacked a reasonable excuse for failing to pay the data protection fee and cancel registration. The tribunal found the Appellant should have had compliance systems in place, the email reminder was clear, and the burden of proof for a reasonable excuse was not met, leading to dismissal of the appeal.
Holdings
The First-Tier Tribunal dismissed Bright Bee Communications Ltd's appeal against a £400 penalty for failure to comply with Data Protection Regulations. The Tribunal found no reasonable excuse for the Appellant's failure to pay the required fee or cancel registration, confirming the penalty as appropriate under the Regulations.
Remedies
The Tribunal dismissed the appeal and confirmed the Penalty Notice dated 18 February 2019, which imposed a penalty of £400.
Monetary Damages
400.00
Legal Principles
- The burden of proof for the Appellant to demonstrate the Commissioner's decision was wrong in law or involved an inappropriate exercise of discretion rests with the Appellant.
- The Tribunal applied the judicial approach of assessing a 'reasonable excuse' for non-compliance, as approved in case law (The Clean Car Company v HMRC), which is fact-specific.
Precedent Name
- The Clean Car Company v HMRC
- The Pensions Regulator v Strathmore Medical Practice
Cited Statute
Data Protection Act 2018
Judge Name
- Nigel Watson
- John Randall
- Moira Macmillan
Passage Text
- We have considered whether the Appellant has advanced a reasonable excuse for its failure to comply with the Regulations. We conclude that it has not. We conclude that a reasonable data controller would have systems in place to comply with the Regulations and that the Appellant has pointed to no particular difficulty or misfortune which explains its departure from the expected standards of a reasonable data controller.
- We note that a registered company should be contactable through its registered office address and that this arrangement appears not to have been in place for the Appellant. We view this as an essential requirement. We conclude that the Appellant has no reasonable excuse for its failure to meet the expected standards of a reasonable data controller.