| Link(s): | ICO publishes new fining guidance | ICO Data Protection Fining Guidance | ICO Regulatory Action Policy (ico.org.uk) |
Context
The Information Commissioner’s Office has published new guidance, which sets out how it decides to issue penalties and calculate fines. Publication of this guidance follows last years consultation, where views were gathered on a draft version.
Key points to note and next actions
The ICO’s new guidance replaces the sections about penalty notices in the ICO Regulatory Action Policy, published in November 2018, and provides greater transparency for organisations about how it uses its fining power.
The guidance provides clear explanations of:
- The legal framework that gives the ICO the power to impose fines;
- How the ICO will approach key questions; and
- The methodology the ICO will use to calculate the appropriate amount of the fine.