{"id":172283,"date":"2022-07-20T10:35:15","date_gmt":"2022-07-20T09:35:15","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=172283"},"modified":"2023-02-28T22:54:11","modified_gmt":"2023-02-28T22:54:11","slug":"ico-fine-gdpr-breach","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/","title":{"rendered":"When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?"},"content":{"rendered":"\n<p>Data protection laws in the UK state that your business must safely handle, store and distribute personal data and sensitive information. <a href=\"https:\/\/ico.org.uk\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Information Commissioner\u2019s Office<\/a> (ICO) is the independent supervisory authority which ensures your business complies with data protection law. It can investigate alleged breaches of data protection laws such as the GDPR and issue your organisation a hefty fine. This article will explain when the Information Commissioner&#8217;s Office may investigate your company for breaching data protection law. This will help you to take appropriate action to avoid an investigation and potential enforcement action, which can include substantial fines from the ICO.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">ICO\u2019s Role<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">One of the <\/span><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-affect-business\/\"><span style=\"font-weight: 400\">primary purposes of the ICO<\/span><\/a><span style=\"font-weight: 400\"> is to act when your business fails to do any of the following:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">provide quick responses to Subject Access Requests (SARs);<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">correctly handle personal data of staff, customers or third parties;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">limit staff monitoring in the workplace to a reasonable level;&nbsp;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">correctly store, amend and delete employee records and data;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">avoid non-disclosure of personal information outside your business without the consent of that person (except for legal reasons); and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">report serious personal data breaches to the ICO within 72 hours.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">When your company acts in a way that fails to meet any of the above requirements, it risks triggering an ICO investigation which could ultimately lead to a fine.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">ICO Investigations<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The ICO may <\/span><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-enforcement-powers\/\"><span style=\"font-weight: 400\">start an investigation<\/span><\/a><span style=\"font-weight: 400\"> to audit your company. But, more commonly, it will begin an investigation following an individual lodging an online complaint against your organisation.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">The most common ICO complaints against companies include the following:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">failure to correctly handle a Subject Access Request (otherwise known as a SAR) in breach of the GDPR;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">unreasonable monitoring of employees at work;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">using sensitive personal information without consent or lawful purpose; and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">failing to report a serious personal data breach to the ICO within 72 hours.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">When the ICO carry out an investigation, it will:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">contact you to inform you of their concerns and any alleged breach of GDPR rules;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">ask you questions to aid their investigation;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">potentially ask for specific data from you; and&nbsp;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">conclude their investigation by deciding whether your business has breached data protection rules.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">If they decide that your company has committed a data protection breach, they will determine whether to provide your business with a penalty notice.<\/span><\/p>\n\n\n\n    <div class=\"my-7 lg:my-10 border-y-2 border-gray-100 py-7 lg:py-10 flex flex-col sm:flex-row items-start gap-10\">\n                    <img decoding=\"async\" class=\"w-52 mx-auto my-0! rounded\" src=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/09\/06164254\/uk-startup-manual-290x410-1.jpg\" alt=\"Front page of publication\"\n                 loading=\"lazy\" width=\"208\" height=\"298\">\n                <section>\n            <div class=\"text-2xl font-bold\">UK Startup Manual<\/div>\n            <div class=\"body-text\">\n                <p>LegalVision&#8217;s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.<\/p>\n            <\/div>\n            \n\n<a href=\"https:\/\/go.legalvision.co.uk\/uk-startup-manual.html\" class=\" block px-5 py-3.5 max-w-fit bg-orange button__hover transition rounded text-white font-bold text-lg no-underline uppercase leading-tight text-center\" target=\"\" rel=\"\">Download Now<\/a>        <\/section>\n    <\/div>\n\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/172283#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Phone<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/172283' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='ixSnYj9qq3OYTkwwdDBgkcaHnSKpts+0e8oCr83QqcUzqzO0aCPc4Q0V9V4Es8Hu4+SLcZd6jdnsRAo6jxL8AGwzFM5Dz+y6pRBwXVFT0oJ9pHg=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Mitigating Circumstances<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The ICO wants to help and encourage your company to process data safely, so do not wish to provide unnecessary fines when a lesser sanction could have the same effect. Therefore, the ICO may issue a direction to take remedial action for a minor breach rather than automatically awarding you a fine. For example, remedial action might include your business implementing company policies to avoid future data breaches.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">The ICO will treat the following as mitigating circumstances:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">your business making a genuine effort to follow data protection rules (including any appointment of a <\/span><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/benefits-data-protection-officer\/\"><span style=\"font-weight: 400\">Data Protection Officer<\/span><\/a><span style=\"font-weight: 400\">);<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">where your company has not committed a breach or received a fine before;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">when you have provided staff training and have written policies to encourage good data handling by staff; and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">whether the actual harm to individuals (known as data subjects) was minor.<\/span><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Penalty Notice Cost<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/biggest-fines-ico\/\">largest fine<\/a> the ICO can award you is \u00a317.5m (or 4% of your annual global turnover). This maximum penalty is intentionally high to deter companies, like yours, from breaching data protection laws.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">However, in reality, the ICO will grade different data protection breaches differently depending on their seriousness. So, for example, they will award a minor fine for unlawful disclosure of ten individuals&#8217; home addresses outside the company than a leaked document on the internet containing the full names, home addresses, dates of birth and medical information of 1,000 employees. This is because the breach is much more severe due to the inclusion of such sensitive information, increasing the risk to those individuals of identity theft.<\/span><\/p>\n\n\n\n<div  class=\"box box--icon box--info\">\n    <p>During 2020 \u2013 2021, the ICO issued \u00a342m in fines against companies. These fines may increase; therefore, your company must comply with the relevant data protection requirements.<\/p>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Guarding Against ICO Fines<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">You must have complete knowledge of the data protection requirements that apply to your company to guard against receiving an ICO fine. Thankfully, the ICO website contains several handy, easy-to-read guides on handling Subject Access Requests to when to report a personal data breach to the ICO.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Key Takeaways<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">Your business must comply with data protection laws such as the GDPR. You must ensure that you handle and store data correctly. Otherwise, you will likely face an investigation by the ICO. This could result in a fine, though you may receive a less severe sanction if you can demonstrate you made genuine efforts to comply with your data obligations.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If you need help with data protection rules and ICO investigations into an alleged breach of the GDPR, our experienced <\/span><a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\"><span style=\"font-weight: 400\">data, privacy and IT lawyers<\/span><\/a><span style=\"font-weight: 400\"> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <\/span><a href=\"https:\/\/legalvision.co.uk\/membership\"><span style=\"font-weight: 400\">membership page<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Frequently Asked Questions<\/span><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1665577906495\"><strong class=\"schema-faq-question\"><strong>Will the ICO consider genuine attempts to follow their guidance when deciding on sanctions for a data breach?<\/strong><\/strong> <p class=\"schema-faq-answer\">Yes, the ICO will contain relevant mitigating circumstances, including a genuine intent to follow data protection rules.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1665577924281\"><strong class=\"schema-faq-question\"><strong>When is my company &#8216;processing&#8217; data?<\/strong><\/strong> <p class=\"schema-faq-answer\">The ICO considers your business to &#8216;process&#8217; data when it stores, records, discloses, retrieves, alters or deletes the information. Given how broad this definition is, it is easy to see how easily the ICO can become involved in any alleged breach of data protection law.<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"9eb4f72322\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/172283\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Data protection laws in the UK state that your business must safely handle, store and distribute personal data and sensitive information. The Information Commissioner\u2019s Office (ICO) is the independent supervisory authority which ensures your business complies with data protection law. It can investigate alleged breaches of data protection laws such as the GDPR and issue<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\">Continue reading <span class=\"sr-only\">&#8220;When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":653,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"4186,4295,1365,987,1724,131951","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[20,21,366,642,746,799],"class_list":["post-172283","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-medium-business","tag-data-privacy","tag-gdpr-complicance","tag-ico","tag-subject-access-request"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Receiving a Fine From the ICO and GDPR Breaches | LegalVision UK<\/title>\n<meta name=\"description\" content=\"The ICO has the power to fine companies that breach the GDPR. This article will explore when your business may face an ICO fine.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Receiving a Fine From the ICO and GDPR Breaches | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"The ICO has the power to fine companies that breach the GDPR. This article will explore when your business may face an ICO fine.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-20T09:35:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-28T22:54:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?\",\"datePublished\":\"2022-07-20T09:35:15+00:00\",\"dateModified\":\"2023-02-28T22:54:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\"},\"wordCount\":933,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"keywords\":[\"small business\",\"medium business\",\"data privacy\",\"gdpr complicance\",\"ICO\",\"subject access request\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\",\"name\":\"Receiving a Fine From the ICO and GDPR Breaches | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"datePublished\":\"2022-07-20T09:35:15+00:00\",\"dateModified\":\"2023-02-28T22:54:11+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"The ICO has the power to fine companies that breach the GDPR. This article will explore when your business may face an ICO fine.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577906495\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577924281\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg\",\"width\":1600,\"height\":1200,\"caption\":\"Trade Mark Cease and Desist: UK E-commerce Response Guide\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577906495\",\"name\":\"Will the ICO consider genuine attempts to follow their guidance when deciding on sanctions for a data breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes, the ICO will contain relevant mitigating circumstances, including a genuine intent to follow data protection rules.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577924281\",\"name\":\"When is my company 'processing' data?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The ICO considers your business to 'process' data when it stores, records, discloses, retrieves, alters or deletes the information. Given how broad this definition is, it is easy to see how easily the ICO can become involved in any alleged breach of data protection law.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Receiving a Fine From the ICO and GDPR Breaches | LegalVision UK","description":"The ICO has the power to fine companies that breach the GDPR. This article will explore when your business may face an ICO fine.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/","og_locale":"en_GB","og_type":"article","og_title":"Receiving a Fine From the ICO and GDPR Breaches | LegalVision UK","og_description":"The ICO has the power to fine companies that breach the GDPR. This article will explore when your business may face an ICO fine.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-07-20T09:35:15+00:00","article_modified_time":"2023-02-28T22:54:11+00:00","og_image":[{"width":1600,"height":1200,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?","datePublished":"2022-07-20T09:35:15+00:00","dateModified":"2023-02-28T22:54:11+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/"},"wordCount":933,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","keywords":["small business","medium business","data privacy","gdpr complicance","ICO","subject access request"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/","name":"Receiving a Fine From the ICO and GDPR Breaches | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","datePublished":"2022-07-20T09:35:15+00:00","dateModified":"2023-02-28T22:54:11+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"The ICO has the power to fine companies that breach the GDPR. This article will explore when your business may face an ICO fine.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577906495"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577924281"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230606\/brand-design-00196.jpg","width":1600,"height":1200,"caption":"Trade Mark Cease and Desist: UK E-commerce Response Guide"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"When Could Your Business Face a Fine From the ICO for Breaching the GDPR in the UK?"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577906495","name":"Will the ICO consider genuine attempts to follow their guidance when deciding on sanctions for a data breach?","acceptedAnswer":{"@type":"Answer","text":"Yes, the ICO will contain relevant mitigating circumstances, including a genuine intent to follow data protection rules.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-fine-gdpr-breach\/#faq-question-1665577924281","name":"When is my company 'processing' data?","acceptedAnswer":{"@type":"Answer","text":"The ICO considers your business to 'process' data when it stores, records, discloses, retrieves, alters or deletes the information. Given how broad this definition is, it is easy to see how easily the ICO can become involved in any alleged breach of data protection law.","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/172283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=172283"}],"version-history":[{"count":25,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/172283\/revisions"}],"predecessor-version":[{"id":179853,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/172283\/revisions\/179853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/653"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=172283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=172283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=172283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}