What sort of penalties might we suffer for breaching the Data Protection Act?
The Data Protection Act 1998 contains a number of enforcement mechanisms designed to encourage compliance with the new data protection regime. The Information Commissioner has the power to investigate complaints from aggrieved individuals and to require those who process personal information to respond to his enquiries. He usually attempts to resolve issues by correspondence, but he can serve enforcement notices demanding compliance with the Act. Failure to comply with such a notice is a criminal offence, punishable by a fine of up to £5,000 (in a case brought in a magistrates’ court), or an unlimited amount (in the Crown Court). There is no firm introduction date yet, but the Criminal Justice and Immigration Act 2008 also authorises the Information Commissioner to issue substantial (although the amounts have yet to be fixed) ‘monetary penalty notices’ to data controllers where there has been: • a serious contravention of the data protection principles (see questions 1 and 7) • that is
In almost all cases, these are fines, or even lawsuits that can cost a company a lot of money. I would say that a business should take care of the protection of the data of its users in order to work calmly and correctly. Hire a GDPR consultant for example to solve all the problems.
