United Kingdom: Adopted ICO Data Protection Fining Guidance

Adopted ICO Data Protection Fining Guidance

On 18 March 2024, the Information Commissioner's Office (ICO) adopted the Data Protection Fining Guidance under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018). The guidance outlines the legal framework that enables ICO to impose fines, the factors assessed in the decision to impose a penalty and the fine amount. Furthermore, the guidance specifies ICO's approach in cases of multiple infringements, noting that the fine will not exceed the penalty for the gravest infringement.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-10-02

in consultation

On 2 October 2023, the UK Information Commissioner’s Office (ICO) opened a consultation on the draf…

2023-11-27

processing consultation

On 27 November 2023, the UK Information Commissioner’s Office (ICO) closed the public consultation …

2024-03-18

adopted

On 18 March 2024, the Information Commissioner's Office (ICO) adopted the Data Protection Fining Gu…

Description

Adopted ICO Data Protection Fining Guidance

Scope

Complete timeline of this policy change