New fining guidance published by the Information Commissioner’s Office

News, Security,

The Information Commissioner’s Office (ICO) has released some new data protection fining guidance showing how it decides to issue penalties and calculate fines. A consultation on the guidance took place last year and the new guidance provides greater transparency on how the ICO uses its power to fine.

The sections about penalty notices in the ICO Regulatory Action Policy are replaced by the new guidance.

The guidance sets out the infringements for which the ICO can impose a fine as well as the factors that the ICO will take into account when deciding whether to issue a penalty notice and in determining the amount.

It also sets out the five steps that the ICO take in calculating the amount of a fine. These are:

Step 1 – Assess the seriousness of the infringement

Infringements with a high degree of seriousness will have a starting point of 20% and 100% of the legal maximum. A medium degree of seriousness will start between 10% and 20%, and a lower degree of seriousness will have a starting point between 0% and 10%.

Step 2 – Account for turnover

Since the statutory maximum fine amounts apply to all organisations regardless of size, the ICO will consider the turnover of the organisation in question to see whether the starting point should be adjusted. The guidance sets out what adjustments would be made for varying levels of turnover.

Step 3 – Calculate the starting point

Based on the outcome of the first two steps, the ICO will then calculate what the starting point for the fine will be. The guidance provides a table of indicative ranges.

Step 4 – Consider aggravating and mitigating factors

The ICO will then consider if there are any aggravating or mitigating factors that would warrant an increase or decrease in the level of fine that has been calculated.

Step 5 – Any adjustments to ensure the fine is effective, proportionate and dissuasive

Finally, the ICO would consider the circumstances of the case to assess whether the figure arrived at is effective, proportionate and dissuasive as well as no more than the statutory maximum amount. An adjustment to the fine amount may be made as a result.

It’s reassuring to know that there is a process behind penalties and fines, though of course the hope is that we never need to become any more familiar with it!

If you’d like to see the guidance in full, you can do that here

Business News

We send regular updates that keep clients aware of changes and suggestions on a wide range of subjects; if you’d like to receive those too, just add your details below and we’ll do the rest! We promise not to bombard you and you can unsubscribe at any time.

  • This field is for validation purposes and should be left unchanged.
If you've found this post helpful, please share it with others…