Information Commissioner's Office
|Printable version
ICO publishes new fining guidance
The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines.
The guidance provides greater transparency for organisations about how the ICO goes about using its fining power.
Tim Capel, ICO Director of Legal Service, yesterday said:
“We believe the guidance will provide certainty and clarity for organisations.
It shows how we reach one of our most important decisions as a regulator by explaining when, how and why we would issue a fine for a breach of the UK General Data Protection Regulation or Data Protection Act 2018.”
Publication of the guidance follows a consultation last year, where views were gathered on a draft version.
The new guidance replaces the sections about penalty notices in the ICO Regulatory Action Policy published in November 2018.
Among other things, the guidance explains:
- the legal framework that gives the ICO the power to impose fines –helping people more easily navigate the complexity of the legislation;
- how the ICO will approach key questions, such as identifying the wider ‘undertaking’ or economic entity of which the controller or processor forms part; and
- the methodology the ICO will use to calculate the appropriate amount of the fine.
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
- The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- The ICO's strategic priorities are set out in ICO25, which includes safeguarding and empowering people, particularly vulnerable groups who are exposed to the greatest risk of harm.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/03/ico-publishes-new-fining-guidance/
Latest News from
Information Commissioner's Office
ICO reprimands Dover Harbour Board and Kent Police over information sharing18/03/2024 10:20:00
The Information Commissioner’s Office (ICO) has issued reprimands to Dover Harbour Board and Kent Police after they breached data protection law.
ICO reprimands London Mayor's Office for Policing and Crime for complaint web form error15/03/2024 14:10:00
The London Mayor’s Office was yesterday reprimanded by the Information Commissioner’s Office (ICO) for a web glitch that potentially revealed the personal information of people who were complaining about the Metropolitan Police Service.
ICO fines Wigan-based Pinnacle Life £80,000 for “predatory” spam call campaign07/03/2024 12:25:00
Wigan-based company Pinnacle Life has been fined £80,000 by the Information Commissioner’s Office (ICO) for a year-long unlawful spam phone call campaign.
ICO launches “consent or pay” call for views and updates on cookie compliance work06/03/2024 15:05:00
As part of our cookie compliance work, I committed to providing the online advertising industry with clarity on ways in which it can use advertising cookies in compliance with data protection law.
ICO takes regulatory action against five public authorities under the FOI Act05/03/2024 12:25:00
The Information Commissioner’s Office (ICO) has taken action against five public authorities for continued failings to meet their obligations under the Freedom of Information (FOI) Act.
ICO warns charities about direct marketing rules as it orders Penny Appeal to stop sending spam texts05/03/2024 09:10:00
The Information Commissioner’s Office (ICO) has ordered a charity to stop sending unsolicited marketing texts to people without their consent, as it reminds all charities of their legal obligations.
ICO reprimands West Midlands Police for data protection failure04/03/2024 10:20:00
The Information Commissioner’s Office (ICO) has issued a reprimand to West Midlands Police (WMP) after the force repeatedly mixed up two people’s personal information.
ICO reassures employers they can share staff data in a mental health emergency01/03/2024 16:15:00
The Information Commissioner’s Office (ICO) has published new guidance to give employers more certainty about sharing their workers’ personal details in a mental health emergency.
ICO finds the Home Office’s pilot of GPS electronic monitoring of migrants breached UK data protection law01/03/2024 14:10:00
The Information Commissioner’s Office (ICO) has issued an enforcement notice and a warning to the Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorised means.