‘How much???’ The ICO publishes new fining guidance

The guidance provides useful clarifications, but the ICO will still determine penalties on a case-by-case basis. By Nicola Fulford and Kathleen McGrath of Hogan Lovells.

The ICO has published its Data Protection Fining Guidance, aiming to clarify why the ICO decides to issue penalty notices as well as how it calculates fines under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018).

The guidance has been published following a public consultation late last year. The guidance focuses on fines arising out of violations of the UK GDPR and DPA 2018; it does not change the rules for fines levied under the Privacy and Electronic Communications Regulations 2003 (PECR).

It is without doubt that the new guidance will help clarify the position around data protection fines. A question that remains is how businesses can respond to the new clarifications and to what extent this will make it easier to calculate financial risk in a particular situation.

Continue Reading

UK Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.