As mentioned previously, failure to register with the ICO or comply with the Data Protection Act is a criminal offence and could result in prosecution and substantial fines from the Information Commissioner’s Office.koordinerede-kontrolaktioner--p-kant-med-loven-29retssikkerhed

Such penalties also bring about adverse publicity and could be very damaging to a business, particularly in a service industry.

Cases of data protection law breaches have sometimes been quite high profile.
For example:

  • In 2010, a council was fined when they inadvertently faxed details of an offender to a member of the public instead of a barrister.
  • Also in 2010, a firm was fined for allowing an employee to take home an unencrypted laptop containing customers’ personal details.
  • In 2007, the Nationwide Building Society was fined near £1million for failing to have an adequate security system.

Penalties may arise from situations such as:

  • Sending unsolicited marketing emails.
  • Failing to dispose of confidential paperwork securely.
  • Not having adequate access rights in place.
  • Carelessly leaving data, such as laptops, lying around.
  • Selling data without seeking permission.
  • Not obtaining a Data Protection license from the ICO.