I previously wrote about the legal obligations of company directors when it comes to Data Protection Notification – warning that under the law (S.55A of the Data Protection Act 1998 and The Data Protection (Monetary Penalties) Order 2010) the Information Commissioner’s Office can now issue fines of upto £500,000 to companies and organisations in breach of the Data Protection Act 1998.
The First Financial Penalties
The Information Commissioner’s Office has now made use of this power by issuing its first fines for data protection breaches. Hertfordshire County Council was issued a £100,000 fine for two data protection breaches which saw highly sensitive data ending up in the wrong hands by accident. While an employment services company was issued a £60,000 fine for failing to properly encrypt/protect a laptop (which was subsequently stolen) they allowed an employee to take home in order to work from home.
These incidents show that the Information Commissioner’s Office is taking a stronger stance with regards to data protection registration (and breaches) and it is important for every business to be aware of its legal obligations or risk serious financial penalties.
Registering Your Company & Avoiding The Fines
We’re here to help. If you’re just getting started in business, then our Data Protection Registration service is perfect for you. Ensuring correct notification of the Information Commissioner’s Office and including guidance on what you need to do in order to comply with the Data Protection Act 1998 and avoid unnecessary fines.
- First fines issued over data protection breaches – The Independent
- First Fines under new Data Protection Regime – Brodies LLP
- Data Protection Notification – Your legal obligations
- Data Protection – Registering Your Company
- Information Commissioner serves first monetary penalties for serious breaches of the Data Protection Act – The Information Commissioner’s Office (PDF)