{"id":175979,"date":"2022-09-21T17:17:48","date_gmt":"2022-09-21T16:17:48","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=175979"},"modified":"2024-10-29T06:45:41","modified_gmt":"2024-10-29T06:45:41","slug":"gdpr-letter-ico","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/","title":{"rendered":"What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.google.com\/search?gs_ssp=eJzj4tTP1TcwzosvLlZgNGB0YPBizkzOBwA2zwUP&amp;q=ico&amp;rlz=1C1CHBD_en-GBGB769GB769&amp;oq=ICO&amp;aqs=chrome.1.0i355i433i512j46i199i433i465i512j0i433i512l3j69i61l3.2749j0j7&amp;sourceid=chrome&amp;ie=UTF-8\" target=\"_blank\" rel=\"noreferrer noopener\">The Information Commissioner\u2019s Office (ICO)<\/a> is an independent body which aims to help UK organisations comply with the <a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/\" target=\"_blank\" rel=\"noreferrer noopener\">General Data Protection Regulation (GDPR)<\/a>. The UK GDPR contains most of the data protection rules applicable to your business, such as those to do with personal data.&nbsp;If your business is under investigation for a potential UK data protection law breach, the ICO may send GDPR-related letters. Notably, your business must respond to a GDPR letter. Not doing so can result in enforcement action such as hefty fines. This article will explain the nature of ICO correspondence, and how your company can correctly respond within the relevant timeframes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">The ICO\u2019s Powers of Investigation&nbsp;<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">Where there is an allegation against your business for a breach of the GDPR, the ICO has <\/span><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-enforcement-powers\/\"><span style=\"font-weight: 400\">broad powers of investigation<\/span><\/a><span style=\"font-weight: 400\">. Your business will first get a GDPR letter from the ICO informing you that they have started or concluded an investigation.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Common situations in which the ICO investigates UK businesses include allegations of:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">failure to <\/span><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/report-data-breach-ico\/\"><span style=\"font-weight: 400\">report a serious data breach<\/span><\/a><span style=\"font-weight: 400\"> to the ICO within 72 hours;\u00a0<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">unfair or unreasonable staff monitoring in the workplace;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">unsafe storage of employee information and personal information;\u00a0<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">data breaches involving personal data of individuals;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">failure to delete sensitive information when it has served its purpose;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">failure to correctly handle <\/span><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/safely-handle-sar\/\"><span style=\"font-weight: 400\">Subject Access Requests<\/span><\/a><span style=\"font-weight: 400\"> (SARs); or<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">disclosure of personal or sensitive information outside your business without the consent of the relevant individuals (or any lawful reason).\u00a0<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">The ICO aims to handle any breach of the rules fairly and proportionately. If your business is under <\/span>investigation, the ICO will consider all mitigating circumstances when using its<span style=\"font-weight: 400\"> enforcement powers.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Investigation Process&nbsp;<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">At the start of any investigation, the ICO will inform you of their concerns and any alleged breach of data protection rules in writing. They may ask you some initial questions to aid their investigation and request specific information from your business.&nbsp;&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Your company should quickly return with open and honest answers. <\/span>Additionally, t<span style=\"font-weight: 400\">here is no specific timeframe to respond to ICO correspondence. However, you risk placing your business in further trouble by refusing to provide the requested information or intentionally slowing down the ICO\u2019s investigation. Therefore, it is vital to acknowledge ICO orders. This demonstrates your business\u2019 commitment and compliance with its data protection obligations.<\/span><\/p>\n\n\n\n    <div class=\"my-7 lg:my-10 border-y-2 border-gray-100 py-7 lg:py-10 flex flex-col sm:flex-row items-start gap-10\">\n                    <img decoding=\"async\" class=\"w-52 mx-auto my-0! rounded\" src=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/09\/06164254\/uk-startup-manual-290x410-1.jpg\" alt=\"Front page of publication\"\n                 loading=\"lazy\" width=\"208\" height=\"298\">\n                <section>\n            <div class=\"text-2xl font-bold\">UK Startup Manual<\/div>\n            <div class=\"body-text\">\n                <p>LegalVision&#8217;s Startup Manual is essential reading material for any startup founder looking to launch and grow a successful startup.<\/p>\n            <\/div>\n            \n\n<a href=\"https:\/\/go.legalvision.co.uk\/uk-startup-manual.html\" class=\" block px-5 py-3.5 max-w-fit bg-orange button__hover transition rounded text-white font-bold text-lg no-underline uppercase leading-tight text-center\" target=\"\" rel=\"\">Download Now<\/a>        <\/section>\n    <\/div>\n\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/175979#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Facebook<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175979' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='imHb+kW+YpAxRYJl6BJe7Et8Kbsa2rAvRPRZ+V+gv6RDI5LMMlbZIOWLNvapL9ASfQKQDwhm4b04Zfjo2AWO6bA1LUjAj\/hMgG567BivEge218w=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Decision Notice&nbsp;<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">At the end of an investigation, the ICO can send your business a \u2018decision notice.\u2019 This letter is legally binding and will state whether or not the ICO believes you have complied with the GDPR or not.<\/span> <span style=\"font-weight: 400\">If the ICO states that your organisation has not followed GDPR rules, it can provide some instructions on remedying the situation. <\/span><\/p>\n\n\n\n<div  class=\"box box--icon box--info\">\n    <p>For example, if they find that your business has failed to provide information under a Subject Access Request (SAR) within the one-month time limit, the letter is likely to state that you must now do so without delay.\u00a0 Alternatively, some notices conclude your company needs to provide additional information to comply with the SAR fully.<\/p>\n<\/div>\n\n\n\n<p><span style=\"font-weight: 400\">A decision notice usually requires action and response within 35 calendar days of the date on the notice. If your business does not wish to follow the ICO&#8217;s instructions or disagrees with the decision, there are two other options.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">1. Appeal the ICO Decision<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">Your company can appeal an ICO decision by lodging a written appeal to the First-Tier Tribunal (Information Rights) within 28 calendar days of the date on the notice. Most businesses use an expert data lawyer to do so.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If your appeal is successful, you can ignore the initial instructions within the ICO&#8217;s decision notice. However, if your appeal proves unsuccessful, those original instructions will stand. Notably, the success rate for appeals against ICO decision notices is not particularly high.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span style=\"font-weight: 400\">2. Ignore the Decision Notice<\/span><\/h3>\n\n\n\n<p><span style=\"font-weight: 400\">Alternatively, your business might decide to ignore the notice, but this can be irresponsible. What typically happens if you ignore a decision notice is that the ICO is alerted to the fact that you have not responded or actioned their instructions. They then consider appropriate enforcement action against your company.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Notably, the ICO can issue a fine of up to \u00a317.5m or up to 4% of your annual turnover. It is not unknown for the ICO to award penalties in the thousands or tens of thousands for intentional breach of GDPR rules. Therefore, it is not advisable that your business ignores the decision notice. Even if you believe your company is not in breach, you should seek the advice of a legal professional to help you appeal the ICO decision.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Key Takeaways<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">If your business is alleged to be in breach of its data protection obligations, the Information Commissioner\u2019s Office (ICO) can investigate your organisation. The ICO will issue a letter informing you of their investigation. It is unwise to ignore or delay responding to the ICO as this can lead to further penalties for your business. Following an investigation, the ICO will send a decision notice that may require your business to amend the breach. You have 35 calendar days to respond. If you believe your business was not in breach, you can appeal the decision but it is advisable to speak to a lawyer.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If you need help with data protection rules and ICO correspondence relating to alleged breaches of data protection rules, <\/span><a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\"><span style=\"font-weight: 400\">LegalVision&#8217;s experienced data, privacy and IT lawyers<\/span><\/a><span style=\"font-weight: 400\"> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <\/span><a href=\"https:\/\/legalvision.co.uk\/membership\"><span style=\"font-weight: 400\">membership page<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Frequently Asked Questions<\/span><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1663773249040\"><strong class=\"schema-faq-question\"><strong>Are there any other risks in non-compliance with a decision notice?<\/strong><\/strong> <p class=\"schema-faq-answer\">Technically, failure to comply with a decision notice is contempt of court, so non-compliance can potentially result in a severe fine.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1663773283349\"><strong class=\"schema-faq-question\"><strong>How common are monetary penalties from the ICO?<\/strong><\/strong> <p class=\"schema-faq-answer\">Aside from significant breaches, the ICO tends to try and give organisations the chance to remedy their breach through instructions within decision notices. However, any failure to comply with a decision notice within 35 calendar days makes a monetary penalty much more likely.<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"9eb4f72322\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/175979\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Information Commissioner\u2019s Office (ICO) is an independent body which aims to help UK organisations comply with the General Data Protection Regulation (GDPR). The UK GDPR contains most of the data protection rules applicable to your business, such as those to do with personal data.&nbsp;If your business is under investigation for a potential UK data<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\">Continue reading <span class=\"sr-only\">&#8220;What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0&#8220;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":532,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"1181,173521,2348,3269,173147,1179","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[20,365,746,798,1021],"class_list":["post-175979","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-gdpr","tag-ico","tag-data-protection-rules","tag-letter"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Receiving a GDPR Letter From the ICO | LegalVision UK<\/title>\n<meta name=\"description\" content=\"If your business receives a GDPR letter from the ICO, you must take action. We explain what to do if you receive a GDPR letter from the ICO.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Receiving a GDPR Letter From the ICO | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"If your business receives a GDPR letter from the ICO, you must take action. We explain what to do if you receive a GDPR letter from the ICO.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-21T16:17:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-29T06:45:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1067\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0\",\"datePublished\":\"2022-09-21T16:17:48+00:00\",\"dateModified\":\"2024-10-29T06:45:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\"},\"wordCount\":981,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg\",\"keywords\":[\"small business\",\"gdpr\",\"ICO\",\"data protection rules\",\"letter\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\",\"name\":\"Receiving a GDPR Letter From the ICO | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg\",\"datePublished\":\"2022-09-21T16:17:48+00:00\",\"dateModified\":\"2024-10-29T06:45:41+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"If your business receives a GDPR letter from the ICO, you must take action. We explain what to do if you receive a GDPR letter from the ICO.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773249040\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773283349\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg\",\"width\":1600,\"height\":1067,\"caption\":\"Implied Consent Under GDPR: What Your Business Needs to Know | LegalVision UK\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773249040\",\"name\":\"Are there any other risks in non-compliance with a decision notice?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Technically, failure to comply with a decision notice is contempt of court, so non-compliance can potentially result in a severe fine.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773283349\",\"name\":\"How common are monetary penalties from the ICO?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Aside from significant breaches, the ICO tends to try and give organisations the chance to remedy their breach through instructions within decision notices. However, any failure to comply with a decision notice within 35 calendar days makes a monetary penalty much more likely.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Receiving a GDPR Letter From the ICO | LegalVision UK","description":"If your business receives a GDPR letter from the ICO, you must take action. We explain what to do if you receive a GDPR letter from the ICO.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/","og_locale":"en_GB","og_type":"article","og_title":"Receiving a GDPR Letter From the ICO | LegalVision UK","og_description":"If your business receives a GDPR letter from the ICO, you must take action. We explain what to do if you receive a GDPR letter from the ICO.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-09-21T16:17:48+00:00","article_modified_time":"2024-10-29T06:45:41+00:00","og_image":[{"width":1600,"height":1067,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0","datePublished":"2022-09-21T16:17:48+00:00","dateModified":"2024-10-29T06:45:41+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/"},"wordCount":981,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg","keywords":["small business","gdpr","ICO","data protection rules","letter"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/","name":"Receiving a GDPR Letter From the ICO | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg","datePublished":"2022-09-21T16:17:48+00:00","dateModified":"2024-10-29T06:45:41+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"If your business receives a GDPR letter from the ICO, you must take action. We explain what to do if you receive a GDPR letter from the ICO.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773249040"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773283349"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230036\/brand-design-00026.jpg","width":1600,"height":1067,"caption":"Implied Consent Under GDPR: What Your Business Needs to Know | LegalVision UK"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"What Must My Business Do After Receiving a GDPR Letter From the ICO in England?\u00a0"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773249040","name":"Are there any other risks in non-compliance with a decision notice?","acceptedAnswer":{"@type":"Answer","text":"Technically, failure to comply with a decision notice is contempt of court, so non-compliance can potentially result in a severe fine.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-letter-ico\/#faq-question-1663773283349","name":"How common are monetary penalties from the ICO?","acceptedAnswer":{"@type":"Answer","text":"Aside from significant breaches, the ICO tends to try and give organisations the chance to remedy their breach through instructions within decision notices. However, any failure to comply with a decision notice within 35 calendar days makes a monetary penalty much more likely.","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=175979"}],"version-history":[{"count":14,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175979\/revisions"}],"predecessor-version":[{"id":191006,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175979\/revisions\/191006"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/532"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=175979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=175979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=175979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}