ILN Data Privacy Paper

United Kingdom

9.1. Consequences and penalties for less serious infringements

Lower administrative fines are capped at the higher of £8.7 million or 2% of worldwide annual turnover. These fines may be applied for less serious infringements such as failing to keep adequate records or failing to conduct a DPIA.

9.2. Consequences and penalties for serious non-compliance

The higher administrative fines of £17.5 million or 4% of worldwide annual turnover apply to serious infringements, such as the failure to comply with the basic principles of UK GDPR. The same limits (as of 2025) apply to breaches of PECR.

9.3. ICO approach to penalties

In setting penalties, the ICO considers factors such as the nature, gravity and duration of the infringement, whether it was intentional or negligent, categories of personal data affected, the degree of cooperation, and prior infringements. The ICO can also order suspension or restriction of processing, impose corrective actions, and require notification to affected individuals.

Conclusion

We do not expect considerable divergence between UK GDPR and EU GDPR in the short to medium term and, in general, businesses can often combine compliance programmes for UK and EU entities. Increased consumer awareness of privacy issues means that large processors need to be wary of consumer class actions.

Contact Us

+44 20 3036 7000
https://www.fladgate.com/
epowell@fladgate.com
16 Great Queen Street
London, WC2B 5DG
England
