You are breaking the law if, as a controller, you process personal data, or are responsible for the processing of personal data, for any of the non-exempt purposes and you have either:
- not paid a fee, or
- not paid the correct fee.
The maximum penalty is a £4,350 fine (150% of the top tier fee.)