The Information Commissioners Office (ICO) has published new Data Protection Fining Guidance which covers:

• the circumstances in which the ICO would consider it appropriate to issue a fine, and
• how the ICO determines the amount of any fine imposed.

Under the current Statutory Guidelines, the ICO may impose a fine if an organisation has failed to comply with their regulations.

The Commissioner can impose fines for a wide range of different infringements under the UK GDPR and DPA 2018. The Commissioner will assess each case individually, taking into account the relevant circumstances, before deciding whether it is appropriate to exercise the Commissioner’s administrative discretion to issue a penalty notice.

For full details of this guidance please follow this link: Data Protection Fining Guidance | ICO