ICO Prosecutions & Regulation

Make an enquiry

Home → Data Protection Solicitors → ICO Prosecutions

Richard Nelson LLP’s team of experienced data protection solicitors are skilled in representing clients who are involved in an ICO prosecution. The ICO’s powers are extensive and an investigation could take a number of different forms. We will be able to provide advice no matter what stage of the ICO prosecution process you’re in.

Role and responsibilities of the ICO

Data protection legislation creates the role of the Information Commissioner and her department known as the Information Commissioners Office (ICO). This is an independent regulatory body responsible for overseeing Data Controllers and protecting Data Subjects. Its main functions is to encourage compliance and good practice when it comes to handling personal data. It has both the power to investigate any breaches of the law and the power to take a range of regulatory actions against those individuals and organisations responsible for a breach.

What is the ICO concerned with?

An organisation which holds or manages personal information about others is known as a Data Controller. It is required in law to manage and protect that information to ensure that it is not unlawfully disclosed so as to protect those whose information is being handled or managed (the Data Subject).

The current legislation which needs to be complied with in order to protect personal data is The Data Protection Act 2018 (DPA2018). This provides the rules for data protection and the current sanctions for those who breach them. The laws on data protection were recently reviewed in line with a European Regulation known as the General Data Protection Regulations (GDPR) which replaced the Data Protection Act 1998 with the new DPA2018. This has introduced tougher rules for Data Controllers, strengthening the rights of Data Subjects and creating more stringent requirements to be followed in the event of a breach of personal data, along with tougher penalties which can be imposed.

The ICO’s regulatory powers

The ICO undertakes a range or regulatory actions in the event of a breach of personal data. These actions are always taken with the aim to encourage and enforce good practice for including the use of targeted, proportionate and effective regulatory action will also contribute to the promotion of good practice.

The ICO has available to it a full range of actions which it can take to ensure compliance with data protection laws. These are:

In addition, the ICO has a number of powers that enable it to carry out its regulatory actions. These are:

The Regulatory powers allow for the ICO to fine up to a maximum of up to €20 million or 4% of annual global turnover, whichever is greater. Although such a level of fine is rare and preserved for large data breaches by large organisations, the same principles apply to any data breach and so it is vital that anybody facing regulatory action by the ICO receives expert legal advice from the outset. Richard Nelson LLP has experienced lawyers who can assist you. If you require assistance of this nature, please contact us today.

Get in touch

For more information about the services we can provide and about how we can help you and your business, contact us.

< Back to Regulatory Investigations

What we do...

Our experienced data protections solicitors can advise you with any aspect of an ICO prosecution.

We can help if you’re facing:

  • An ICO audit

  • Civil monetary penalties

  • Non-criminal enforcement

  • Criminal prosecution

Request a Callback

  • We treat all personal data in accordance with our Privacy Policy.
  • This field is for validation purposes and should be left unchanged.