ICO notifies multi-million pound fines for data breaches under the GDPR

The UK's data privacy regulator, the ICO, has started issuing notices of intention to fine data controllers under GDPR for data breaches, with two significant fines announced in the last week.

The maximum fine the ICO can impose for a breach of data protection laws increased under GDPR from £500k under the Data Protection Act 1998 to €20m or 4% of global annual turnover, whichever is greater. GDPR also introduced stronger data breach reporting and notification requirements.

The ICO has now issued two notices of intention to fine in respect of some high profile data breaches which were notified after GDPR came into effect. The data controllers receiving these notices have been given time to make representations to the Commissioner, who will consider these before making a final decision.

For more on the actions of the ICO, head over to our sister blog technology law update.

Posted by

Tags

Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
Sites
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R

Visitors

Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.

Existing clients

Log in to your client extranet for free matter information, know-how and documents.

Staff

Mills & Reeve system for employees.