ICO publishes new fining guidance

The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines.

The guidance provides greater transparency for organisations about how the ICO goes about using its fining power. 

Tim Capel, ICO Director of Legal Service, said:

“We believe the guidance will provide certainty and clarity for organisations.

It shows how we reach one of our most important decisions as a regulator by explaining when, how and why we would issue a fine for a breach of the UK General Data Protection Regulation or Data Protection Act 2018.”

Publication of the guidance follows a consultation last year, where views were gathered on a draft version.

The new guidance replaces the sections about penalty notices in the ICO Regulatory Action Policy published in November 2018. 

Among other things, the guidance explains:

  • the legal framework that gives the ICO the power to impose fines –helping people more easily navigate the complexity of the legislation;
  • how the ICO will approach key questions, such as identifying the wider ‘undertaking’ or economic entity of which the controller or processor forms part; and
  • the methodology the ICO will use to calculate the appropriate amount of the fine.

Related posts

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.