Page 28 - BOSS Today Issue 44
P. 28

BOSS Today      #44     DOWN TO BUSINESS – HAPPY BIRTHDAY












        HAPPY















        BIRTHDAY





















          GDPR is now past its first birthday. How has the regulator punished non-compliance?


           t has been over 12 months since the   service providers to identify their   n In November 2018, the ICO fined ride
          Iintroduction of the General Data   sub-contractor data processors.    sharing company Uber £385,000 for
          Protection Regulations (GDPR), which   The introduction of the GDPR was   failing to protect customers’ personal
          are now incorporated into UK law   heralded with dire warnings about   information during a cyber attack.
          as the Data Protection Act 2018.  the penalties that could be imposed   n In December 2018, Tax Returned
           This time last year, BOSS was very   by the regulator, the Information   Limited was fined £200,000 for
          busy helping members prepare for   Commissioner’s Office (ICO), for non-  sending out 14.8 million unsolicited
          compliance with the new rules. Along   compliance. Those penalties could   marketing text messages.
          with the BPIF, we delivered 26 GDPR   be as much as 4% of a company’s   n In January 2019, Alistair Green
          workshops with 605 delegates attending,   worldwide turnover, or 20 million   Legal Services Limited received
          and assisted approximately 150 member   euros, whichever is the higher.  a fine of £80,000 for making
          companies to become compliant.      In the first three months after the   unsolicited telephone calls.
           For many companies, this may have   introduction of the GDPR, the ICO   n Leave.EU Group Limited received two
          ultimately been a useful exercise,   reported a doubling of the number of   penalties of £45,000 and £15,000 for
          encouraging them to be more systematic   complaints received, and it anticipates   sending unsolicited messages, and
          about ensuring that they have contracts   that this will further increase as   Vote Leave Limited received a fine of
          and other documents in place and   more individuals become aware of    £40,000 for its unsolicited messaging.
          becoming more aware as to what    their rights to protect their data.  n The largest penalty so far was imposed
          data they actually hold and for how   A review of the enforcement action   in April 2019 on Bounty UK Limited,
          long. For others, the new regulations   taken by the ICO over the last quarter   which has received a fine of £400,000
          may have been seen as an obstacle to   shows us that the regulator is prepared   for sharing personal data unlawfully.
          business, especially the rules around   to take a firm approach with businesses
          data processing agreements, with   sharing data or sending marketing   In addition to its powers to issue fines,
          most template agreements requiring   messages in breach of the rules.  the ICO can also issue Enforcement


                                                            28
   23   24   25   26   27   28   29   30   31   32