{"id":175796,"date":"2022-09-13T04:37:50","date_gmt":"2022-09-13T03:37:50","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=175796"},"modified":"2024-05-07T03:02:37","modified_gmt":"2024-05-07T02:02:37","slug":"customer-data-collection","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/","title":{"rendered":"What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0"},"content":{"rendered":"\n<p>As a business owner, you must ensure that your company handles sensitive information, including consumer data, safely and securely. This is important from a customer service perspective. Additionally, it is a requirement of the General Data Protection Regulation (GDPR). It is essential that your company fully complies with the GDPR due to the powers given to the Information Commissioner\u2019s Office (ICO) to issue fines of up to \u00a317.5m to businesses that fail to do so. This article will explore the limits the GDPR establishes on customer data collection in England to help your business avoid hefty fines from the ICO.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Limits Does the GDPR Place Upon My Company\u2019s Collection of Customer Data?<\/h2>\n\n\n\n<p>The GDPR attaches great importance to customer information. In particular, the GDPR sets rules regarding pieces of personal information that can identify the customer, such as their:\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>name;\u00a0<\/li>\n\n\n\n<li>address; or\u00a0<\/li>\n\n\n\n<li>telephone number.<\/li>\n<\/ul>\n\n\n\n<p>Some of the main rules set by the <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/seven-main-gdpr-principles\/\">GDPR<\/a> regarding customer data include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>your organisation must only keep customer data for as long as reasonably necessary;<\/li>\n\n\n\n<li>you must ensure your company handles all customer data openly and transparently; and<\/li>\n\n\n\n<li>your business must ensure that it does not collect information that is irrelevant, excessive or outside the purpose given to the customer.<\/li>\n<\/ul>\n\n\n\n<p>Let us explore each of these <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/reasons-limiting-customer-data\/\">limits<\/a> in turn below.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Only Store Customer Data Whilst it Remains Useful<\/h2>\n\n\n\n<p>The GDPR and ICO require your business to only keep information for as long as it is practical. This means that your organisation should delete any customer data which no longer serves a useful purpose.<\/p>\n\n\n\n<div  class=\"box box--icon box--info\">\n    <!-- wp:paragraph -->\n<p>So let us quickly consider two similar scenarios below:<\/p>\n<!-- \/wp:paragraph --> <!-- wp:list -->\n<ul>\n<li>a customer orders one item from your website two years ago and, in the process, clicks <em>\u2018yes\u2019 <\/em>to a question about wishing to be subscribed to your email newsletter; and<\/li>\n<li>a customer orders one item from your website two years ago but clicks <em>\u2018no\u2019<\/em> to the question about email newsletter subscription.<\/li>\n<\/ul>\n<p><!-- \/wp:list --><\/p>\n<\/div>\n\n\n\n<p>In the first scenario, the customer\u2019s email address remains useful information because the individual asks your company to continuously send them an email newsletter until any date upon which they unsubscribe.<\/p>\n\n\n\n<p>However, in the second scenario, it is questionable whether you need to keep the email address of a one-off customer from two years ago who has no interest in email correspondence. Your business should assess whether to delete the data within its next data audit.<\/p>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/175796#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>URL<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175796' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='Lfxa8yWeLdMqBrenVaWknVuE9f4lAYFLS9Cdcno2KdOZerFhknBuO8QpIkaIjlaGhnlsjWRQPIvXQ7QWdoTTomjC7f\/p2pOuuYVLkn0PydW6QpE=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\">2. Handle All Customer Data Openly and Transparently<\/h2>\n\n\n\n<p>It is important to inform customers of your responsibilities and intentions regarding their information. Many businesses do so through a <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/fitness-studio-privacy-policy\/\">Data Privacy Policy<\/a> (or similar), which can live on the company website.&nbsp;<\/p>\n\n\n\n<div  class=\"box box--icon box--info\">\n    <p>The GDPR makes clear that an individual should be made aware, in advance, of any scenario in which you may disclose their data to other parties or agencies. You may have noted that some organisations provide you with a booklet or PDF file explaining the situations in which they will pass your information to others. An actual life situation in England is with car insurance providers, who routinely inform potential and existing customers that they may send their details to a central register or fraud agencies to guard against insurance fraud.<\/p>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">3. Avoid Collecting Irrelevant or Excessive Information<\/h2>\n\n\n\n<p>One of the ICO\u2019s main concerns involves businesses collecting irrelevant or excessive information.&nbsp;Instead, the ICO expects organisations to sieve such data and only record information allowing the parties to conduct business with each other.<\/p>\n\n\n\n<p>For example, suppose a customer enters a shop to purchase milk. The ICO would disapprove if the cashier attempts to record their full name, postal address and phone number. This is because it is irrelevant to the transactional relationship.<\/p>\n\n\n\n<p>In contrast, if an individual enters a bank to open a new bank account, the need for accurate ID would warrant collecting their full name, address, driving licence, and passport details. This is because all this information is relevant to confirming the individual&#8217;s identity. In this way, the GDPR and ICO focus on an actual need for information rather than setting hard lines. In reality, this means that your business must be able to provide <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-mapping\/\">reasoning for collecting certain types of personal data<\/a>. Additionally, you must demonstrate that you do not breach the GDPR\u2019s collection terms.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways<\/h2>\n\n\n\n<p>It is wise for your company to limit the amount of customer data in its possession. Doing so limits the risk of non-compliance with the GDPR whilst also lowering the risk of a hefty ICO fine in the event of a cyber attack (because less customer information is at risk of theft).&nbsp; From a financial standpoint, storing a lower amount of customer data also makes sense because it can help limit the cost of any digital storage devices (or the cost of online cloud storage).<\/p>\n\n\n\n<p>If you need help ensuring your business collects and stores customer data in line with the GDPR, our experienced <a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\">Data, Privacy and IT lawyers<\/a> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <a href=\"https:\/\/legalvision.co.uk\/membership\/\">membership page<\/a>.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1663039764531\"><strong class=\"schema-faq-question\"><strong>What is the maximum level of fine from the ICO?<\/strong><\/strong> <p class=\"schema-faq-answer\">The ICO has the power to enforce fines of up to \u00a317.5m against businesses in England. However, this is a ceiling and, realistically, penalties in the millions of pounds are relatively rare. In saying this, it is not uncommon for the ICO to hand out fines in the tens of thousands of pounds, so your business still needs to take heed of them and the relevant GDPR rules.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1663039772320\"><strong class=\"schema-faq-question\"><strong>Why does the GDPR protect consumer privacy to such a high degree?<\/strong><\/strong> <p class=\"schema-faq-answer\">Because the GDPR (and, by extension, the ICO) believes that personally identifiable information (data that can identify an individual) is worth enhanced protection. Your organisation should take every reasonable step to protect this sensitive data.<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"1a3344bcd7\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/175796\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>As a business owner, you must ensure that your company handles sensitive information, including consumer data, safely and securely. This is important from a customer service perspective. Additionally, it is a requirement of the General Data Protection Regulation (GDPR). It is essential that your company fully complies with the GDPR due to the powers given<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\">Continue reading <span class=\"sr-only\">&#8220;What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0&#8220;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":3110,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"175035,1065,2104,175122,175385,1024","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[20,366,383,642,798],"class_list":["post-175796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-data-privacy","tag-data-controller","tag-gdpr-complicance","tag-data-protection-rules"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GDPR Limits on Customer Data Collection | LegalVision<\/title>\n<meta name=\"description\" content=\"This article will explore the various limits the GDPR places on companies when collecting customer data, to help you avoid ICO fines.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR Limits on Customer Data Collection | LegalVision\" \/>\n<meta property=\"og:description\" content=\"This article will explore the various limits the GDPR places on companies when collecting customer data, to help you avoid ICO fines.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-13T03:37:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T02:02:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1060\" \/>\n\t<meta property=\"og:image:height\" content=\"716\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0\",\"datePublished\":\"2022-09-13T03:37:50+00:00\",\"dateModified\":\"2024-05-07T02:02:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\"},\"wordCount\":853,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg\",\"keywords\":[\"small business\",\"data privacy\",\"data controller\",\"gdpr complicance\",\"data protection rules\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\",\"name\":\"GDPR Limits on Customer Data Collection | LegalVision\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg\",\"datePublished\":\"2022-09-13T03:37:50+00:00\",\"dateModified\":\"2024-05-07T02:02:37+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"This article will explore the various limits the GDPR places on companies when collecting customer data, to help you avoid ICO fines.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039764531\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039772320\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg\",\"width\":1060,\"height\":716,\"caption\":\"What Is a Non-Executive Director? | LegalVision UK\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039764531\",\"name\":\"What is the maximum level of fine from the ICO?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The ICO has the power to enforce fines of up to \u00a317.5m against businesses in England. However, this is a ceiling and, realistically, penalties in the millions of pounds are relatively rare. In saying this, it is not uncommon for the ICO to hand out fines in the tens of thousands of pounds, so your business still needs to take heed of them and the relevant GDPR rules.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039772320\",\"name\":\"Why does the GDPR protect consumer privacy to such a high degree?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Because the GDPR (and, by extension, the ICO) believes that personally identifiable information (data that can identify an individual) is worth enhanced protection. Your organisation should take every reasonable step to protect this sensitive data.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GDPR Limits on Customer Data Collection | LegalVision","description":"This article will explore the various limits the GDPR places on companies when collecting customer data, to help you avoid ICO fines.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/","og_locale":"en_GB","og_type":"article","og_title":"GDPR Limits on Customer Data Collection | LegalVision","og_description":"This article will explore the various limits the GDPR places on companies when collecting customer data, to help you avoid ICO fines.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-09-13T03:37:50+00:00","article_modified_time":"2024-05-07T02:02:37+00:00","og_image":[{"width":1060,"height":716,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0","datePublished":"2022-09-13T03:37:50+00:00","dateModified":"2024-05-07T02:02:37+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/"},"wordCount":853,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg","keywords":["small business","data privacy","data controller","gdpr complicance","data protection rules"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/","name":"GDPR Limits on Customer Data Collection | LegalVision","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg","datePublished":"2022-09-13T03:37:50+00:00","dateModified":"2024-05-07T02:02:37+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"This article will explore the various limits the GDPR places on companies when collecting customer data, to help you avoid ICO fines.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039764531"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039772320"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24121509\/business-image-052250.jpg","width":1060,"height":716,"caption":"What Is a Non-Executive Director? | LegalVision UK"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"What Limits Does the GDPR Place on My Company Collecting Customer Data in England?\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039764531","name":"What is the maximum level of fine from the ICO?","acceptedAnswer":{"@type":"Answer","text":"The ICO has the power to enforce fines of up to \u00a317.5m against businesses in England. However, this is a ceiling and, realistically, penalties in the millions of pounds are relatively rare. In saying this, it is not uncommon for the ICO to hand out fines in the tens of thousands of pounds, so your business still needs to take heed of them and the relevant GDPR rules.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/customer-data-collection\/#faq-question-1663039772320","name":"Why does the GDPR protect consumer privacy to such a high degree?","acceptedAnswer":{"@type":"Answer","text":"Because the GDPR (and, by extension, the ICO) believes that personally identifiable information (data that can identify an individual) is worth enhanced protection. Your organisation should take every reasonable step to protect this sensitive data.","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=175796"}],"version-history":[{"count":4,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175796\/revisions"}],"predecessor-version":[{"id":187577,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175796\/revisions\/187577"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/3110"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=175796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=175796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=175796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}