{"id":178797,"date":"2022-11-28T12:12:50","date_gmt":"2022-11-28T12:12:50","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=178797"},"modified":"2022-11-30T05:54:07","modified_gmt":"2022-11-30T05:54:07","slug":"data-protection-enforcement","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/","title":{"rendered":"What Data Protection Requirements Does the ICO Enforce in the UK?"},"content":{"rendered":"\n<p>Your organisation processes a large amount of information each day. In doing so, it must comply with the two primary data protection laws in the UK, which are the GDPR (General Data Protection Regulation) and the <em>Data Protection Act<\/em>. The Information Commissioner\u2019s Office (ICO) is an independent organisation responsible for enforcing data protection rules. It acts to provide guidance, investigate alleged breaches, and issue financial penalties against companies where appropriate.<\/p>\n\n\n\n<p>This article will explain the data protection requirements enforced by the ICO to ensure your company complies with those requirements and avoids fines from the ICO.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are the Main Duties of the ICO?<\/h2>\n\n\n\n<p>The ICO has several critical tasks concerning data protection law, which include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>investigating GDPR-related complaints against companies;<\/li>\n\n\n\n<li>providing detailed guidance concerning data protection principles and obligations on their website; and<\/li>\n\n\n\n<li><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-decide-fine-company\/\">delivering fines<\/a> to organisations that commit personal data breaches and fail to follow good practices when processing personal data.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What Are the Main Data Protection Requirements Enforced?<\/h2>\n\n\n\n<p>The ICO exist to put weight behind UK data protection law. They act as the referee in considering potential fouls and the penalty to apply for them. But what data protection principles does the <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/ico-website-important\/\">ICO<\/a> seek to enforce?<\/p>\n\n\n\n<p>The primary data protection requirements enforced by the ICO include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>that all personal data obtained and processed by your business is done in a fair, lawful and transparent manner;<\/li>\n\n\n\n<li>that your business only obtains personal data for specified explicit and lawful purposes;<\/li>\n\n\n\n<li>that all personal data collected is adequate, relevant and not excessive in relation to the purpose for which it is processed;<\/li>\n\n\n\n<li>where you move personal data outside of the UK, doing so lawfully;<\/li>\n\n\n\n<li><a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/sar-request-business\/\">swift and accurate responses to Subject Access Requests<\/a> (SARs), data erasure or rectification requests and other data-related requests; and<\/li>\n\n\n\n<li>the need to report any serious &#8216;personal data breaches&#8217; to the ICO within 72 hours.<\/li>\n<\/ul>\n\n\n\n<p>Let us explore a few of these data protection requirements below.<\/p>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/178797#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Comments<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/178797' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='PzaEuL\/mhMFHiSJqP1LpYWOyQDHq\/s0+2zrmO3xuCDEewCg4wP2Q5iQ+L3vYAqWMk5z6g9Pj6CbJkThNUl00HwiyO94lRpA9DBfBo86UGVFJC94=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\">Correct Handling and Processing of Personal Data<\/h2>\n\n\n\n<p>The main principles here involve only using personal data relating to customers, staff and third parties for a lawful reason or with their prior consent. It is helpful for your company to keep any written permission for record-keeping purposes.<\/p>\n\n\n\n<p>In terms of personal data, you are expected to limit the information stored to the level required to perform the relevant service. Your company should not store excessive amounts of data. So if you need to collect information to send a free postal newsletter to an individual, you should take their name and home address. However, you should avoid requesting their National Insurance number or date of birth.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Lawful Sending of Information Outside the UK<\/h2>\n\n\n\n<p>Your company can only send information to a country outside the UK if you are satisfied that the relevant country has \u2018appropriate safeguards\u2019 in place and individuals in the country have enforceable data protection rights. This could include those countries granting their citizens effective legal powers against data protection breaches and the internet in that country not being state-monitored.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Correct Handling of Subject Access Requests<\/h2>\n\n\n\n<p>It is becoming more common for organisations to receive SARs from staff and customers, and the ICO has a handy guide for handling them on its website.<\/p>\n\n\n\n<p>Overall, your company should:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>acknowledge receipt of the SAR;<\/li>\n\n\n\n<li>carry out a reasonable search for the materials requested (with a few exceptions, mainly where it would disclose the personal data of others); and<\/li>\n\n\n\n<li>provide the relevant information (in digital or written form) within the appropriate time period (usually one month).<\/li>\n<\/ul>\n\n\n\n<p>Most ICO complaints concern companies that fail to comply within the one-month time limit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Reporting Data Breaches to the ICO<\/h2>\n\n\n\n<p>The final main requirement is that your company must report any personal data breach to the ICO within 72 hours of it happening. One example of this would include a staff member accidentally sending a spreadsheet with the home addresses and full names of customers to the wrong email address, ending up in the wrong person&#8217;s hands. This would pose a risk to those people through potential identity theft.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Can the ICO Do if My Company Breaches These Rules?<\/h2>\n\n\n\n<p>The ICO can hand down fines to organisations that breach data protection laws. The maximum fine level is very high and capped at \u00a317.5m (or 4% of annual global turnover).<\/p>\n\n\n\n<p>The ICO will grade different data protection breaches differently depending on their severity. In this way, they will consider a written warning (with no fine) for providing the results of a SAR to a staff member two hours later than the technical deadline in comparison. Conversely, they will likely issue a financial penalty for covering up (and failing to report) a major personal data breach to them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways<\/h2>\n\n\n\n<p>The ICO acts as the referee for data protection purposes in the UK and applies penalties per the public interest. If your organisation breaches data protection law, the ICO is the body to decide on the level of punishment.<\/p>\n\n\n\n<p>While the maximum fine level is scary, in reality, the ICO produces fines in the region of thousands or tens of thousands instead. This is still a lot of money for your business and worth taking steps to avoid. After all, it only requires your company to practise good data management and follow the guides on the ICO website to avoid financial penalties.<\/p>\n\n\n\n<p>If you need help with data protection requirements and avoiding sanctions from the ICO, our experienced <a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\">data, privacy and IT lawyers<\/a> can assist as part of our LegalVision membership.\u00a0 For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <a href=\"https:\/\/legalvision.co.uk\/membership\/\">membership page<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1669637298710\"><strong class=\"schema-faq-question\"><strong>Why is there a one-month time limit on responding to a SAR?<\/strong><\/strong> <p class=\"schema-faq-answer\">One of the main principles of the UK GDPR is quick access to personal data. Because of this, individuals have the right to receive the requested information quickly.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1669637308849\"><strong class=\"schema-faq-question\"><strong>Does the ICO provide written guidance on data protection rules?<\/strong><\/strong> <p class=\"schema-faq-answer\">Yes, it has copies on its website. One of the most useful is their Employment Practices Code, which provides information on handling employee data and monitoring.<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"9eb4f72322\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/178797\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"What Data Protection Requirements Does the ICO Enforce in the UK?\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Your organisation processes a large amount of information each day. In doing so, it must comply with the two primary data protection laws in the UK, which are the GDPR (General Data Protection Regulation) and the Data Protection Act. The Information Commissioner\u2019s Office (ICO) is an independent organisation responsible for enforcing data protection rules. It<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\">Continue reading <span class=\"sr-only\">&#8220;What Data Protection Requirements Does the ICO Enforce in the UK?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":3254,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"1760,172283,172748,178313,176767,176396","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[20,21,365,746],"class_list":["post-178797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-medium-business","tag-gdpr","tag-ico"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ICO Data Protection Enforcement | LegalVision UK<\/title>\n<meta name=\"description\" content=\"This article will explore which data protection requirements the ICO actually enforces, so your business can avoid hefty penalties.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ICO Data Protection Enforcement | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"This article will explore which data protection requirements the ICO actually enforces, so your business can avoid hefty penalties.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-28T12:12:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-30T05:54:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"975\" \/>\n\t<meta property=\"og:image:height\" content=\"650\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"What Data Protection Requirements Does the ICO Enforce in the UK?\",\"datePublished\":\"2022-11-28T12:12:50+00:00\",\"dateModified\":\"2022-11-30T05:54:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\"},\"wordCount\":1033,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"keywords\":[\"small business\",\"medium business\",\"gdpr\",\"ICO\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\",\"name\":\"ICO Data Protection Enforcement | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"datePublished\":\"2022-11-28T12:12:50+00:00\",\"dateModified\":\"2022-11-30T05:54:07+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"This article will explore which data protection requirements the ICO actually enforces, so your business can avoid hefty penalties.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637298710\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637308849\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"width\":975,\"height\":650,\"caption\":\"WhatsApp Use: Legal Lessons for Data Protection | LegalVision UK\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Data Protection Requirements Does the ICO Enforce in the UK?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637298710\",\"name\":\"Why is there a one-month time limit on responding to a SAR?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"One of the main principles of the UK GDPR is quick access to personal data. Because of this, individuals have the right to receive the requested information quickly.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637308849\",\"name\":\"Does the ICO provide written guidance on data protection rules?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes, it has copies on its website. One of the most useful is their Employment Practices Code, which provides information on handling employee data and monitoring.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ICO Data Protection Enforcement | LegalVision UK","description":"This article will explore which data protection requirements the ICO actually enforces, so your business can avoid hefty penalties.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/","og_locale":"en_GB","og_type":"article","og_title":"ICO Data Protection Enforcement | LegalVision UK","og_description":"This article will explore which data protection requirements the ICO actually enforces, so your business can avoid hefty penalties.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-11-28T12:12:50+00:00","article_modified_time":"2022-11-30T05:54:07+00:00","og_image":[{"width":975,"height":650,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"What Data Protection Requirements Does the ICO Enforce in the UK?","datePublished":"2022-11-28T12:12:50+00:00","dateModified":"2022-11-30T05:54:07+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/"},"wordCount":1033,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","keywords":["small business","medium business","gdpr","ICO"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/","name":"ICO Data Protection Enforcement | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","datePublished":"2022-11-28T12:12:50+00:00","dateModified":"2022-11-30T05:54:07+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"This article will explore which data protection requirements the ICO actually enforces, so your business can avoid hefty penalties.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637298710"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637308849"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","width":975,"height":650,"caption":"WhatsApp Use: Legal Lessons for Data Protection | LegalVision UK"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"What Data Protection Requirements Does the ICO Enforce in the UK?"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637298710","name":"Why is there a one-month time limit on responding to a SAR?","acceptedAnswer":{"@type":"Answer","text":"One of the main principles of the UK GDPR is quick access to personal data. Because of this, individuals have the right to receive the requested information quickly.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/data-protection-enforcement\/#faq-question-1669637308849","name":"Does the ICO provide written guidance on data protection rules?","acceptedAnswer":{"@type":"Answer","text":"Yes, it has copies on its website. One of the most useful is their Employment Practices Code, which provides information on handling employee data and monitoring.","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/178797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=178797"}],"version-history":[{"count":6,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/178797\/revisions"}],"predecessor-version":[{"id":178861,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/178797\/revisions\/178861"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/3254"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=178797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=178797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=178797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}