ILN Data Privacy Paper

United Kingdom

Regulatory Authorities

8.1. Overview

The ICO is the independent regulator responsible for supervising and enforcing UK GDPR, DPA 2018 and PECR. Other regulators (e.g., communications industry and financial services industry regulators) intersect in sector-specific contexts, but enforcement of data protection laws and PECR resides primarily with the ICO.

8.2. Role, functions, and powers of the ICO

8.2.1. The ICO issues guidance, investigates complaints, and exercises corrective and sanctioning powers.

8.2.2. It also operates engagement initiatives (such as regulatory sandboxes and consultations) and increasingly publishes reprimands and enforcement outcomes to drive transparency and improve industry practice.

8.2.3. The ICO has the following powers:

8.2.3.1. Information Notices: The ICO can require organisations to provide information within a specified timeframe.

8.2.3.2. Assessment Notices: The ICO can assess organisations' compliance with data protection principles.

8.2.2.3. Enforcement Notices: The ICO can mandate organisations to take specific actions to comply with the law.

8.2.3.4. Penalties: The ICO can impose administrative fines (see paragraph 9 below).

8.2.3.5. Prohibition Notices: The ICO can prohibit processing activities if they are not compliant with GDPR.

8.3. Role, functions and powers of civil/criminal courts in the field of data regulation

8.3.1. The civil courts have two main functions:

8.3.1.1. To provide a remedy for data subjects, who can bring civil suit against controllers, claiming damages for losses incurred under the UK GDPR or PECR (Reg 30).

8.3.1.2. To enforce any orders of the ICO through court orders and, ultimately, contempt of court.

8.3.2. The criminal courts have a very limited function in relation to the bulk of data protection law in the UK, with the exception of Section 170 of the DPA 2018, which makes it a criminal offence to deliberately disclose or retain personal data without the consent of the controller.

Consequences of non-compliance

The consequences of any infringement of data protection laws can, potentially, be twofold: administrative investigation and sanctions under Art 83 UK GDPR, and/or a civil claim for damages.

https://www.fladgate.com/
