
GDPR: Beware falling foul of the ICO
The Information Commissioner’s Office, which monitors implementation of data protection regulations, has been clamping down on organisations flouting the rules.
Kim Sayer, associate at Neves Solicitors, looks at the measures companies should have in place to remain off the ICO’s radar.
Reporting any breaches (or suspected breaches) is easier than ever.
Any person can make a complaint to the ICO, and enforcement is strict. GDPR mandates rigorous standards – going much further than its predecessor, the Data Protection Act – with the aim of building the trust of individuals whose data is held and used more and more in the ever-evolving digital and online business world. A report against a business may result in an investigation and an audit of its data processing systems and protections. This costs the business both time and money and, with all action published on the ICO's website, could leave your name coming up in quite unfavourable search results.
If you process or hold any personal data as defined by the regulations, you are also obliged to register with the ICO. Failure to do so can result in an automatic penalty of up to £4,000. In 2024 alone, 11 such fines have been issued where it has come to light that businesses have not properly registered and paid the annual fee (ranging from £40 for small organisations with a turnover of less than £632,000 to £2,900 for large organisations).
Put practices in place to stay within the rules
Here at Neves, we understand that making sure data is properly collected, used, stored and protected can seem like a constant uphill battle. The evolving world of online business complicates the task further: the ability of clients to opt in or opt out, and any consent they need to give so that a service can be provided, must be clear and obvious. However, a good understanding of the principles of data protection and a thorough audit of your practices can keep your name from coming across the ICO’s desk.
As well as advising on the 7 principles of protection of personal data and how they apply to you, we have expertise in drafting a whole range of terms and conditions, including privacy and cookie policies and data processing and sharing arrangements. We can assist your organisation in undertaking an audit of your current practice to ensure compliance and review your terms of business or contracts to ensure that they are fully up to date and interact cohesively with other mandated policies and marketing strategies. If you use suppliers, consultants or other contractors where personal data is shared, a review of their GDPR policies and processes is also work that we can assist with – since any breach by them could also leave you open to action.
• If you have any concerns about whether you are compliant, or think that you could do with a general health check to ensure that you meet the strict requirements of the GDPR and the ICO, please contact Kim Sayer, Associate in Commercial Law. Kim will discuss the best strategy to help you avoid complaints, penalties and fines.
kim.sayer@nevesllp.co.uk
01582 715234 www.nevesllp.co.uk