Legal News | 15.10.17

Oliver Price’s Weekly Wansbroughs GDPR Blog

This is my first blog about the general data protection regulations which will come into force on 25 May 2018 that is in 232 days. A lot of myths are circulating and presented as facts in the news. I will endeavour to keep a sense of balance in this blog each week. I am also seeking to de-bunk a lot of the myths about the new General Data Protection Regulations (GDPR).

The first myth is that there will be massive fines and that the Information Commissioner will be funded in her work out of those fines.

The second part of this myth is essentially wrong. The first part is partially true. Whilst it is true that the maximum fine that the ICO can impose will be much bigger i.e. from £500,000 to approximately £17,000,000 or 4% of company turnover, the ICO has made clear that she does not intend to go on a campaign of seeking ever greater fines from industries. There will doubtless be larger cases with very large companies that fall outside the original fine levels, however, the ICO has reported that her policy would be to take a reasonable approach and she has also mentioned that last year, i.e. 2016/2017 of the 17,300 cases concluded with only 16 fines for the organisations concerned. One thing that makes a very substantial difference to the ICO is that if there is a data breach, the organisation has a system in place to deal with it, so there will be significant and different levels of treatment for organisations who can show that they have attempted to comply with the new rules as against those who have simply ignored it.