show image

The Information Commissioner takes aim at GDPR myths: “Maximum fines will not become the norm”

The UK’s information commissioner, Elizabeth Denham, is seeking to dispel myths about the EU’s incoming General Data Protection Regulation in a new series of blogs.

The first instalment, published today, outlines the rationale for the initiative. Denham says that most experts have their facts straight, but adds:

I’m worried that the misinformation is in danger of being considered truth.

GDPR will stop dentists ringing patients to remind them about appointments” or “cleaners and gardeners will face massive fines that will put them out of business” or “all breaches must be reported under GDPR”. I’ve even read that big fines will help fund our work.

For the record, these are all wrong.

She goes on to challenge the notion that the law is all about fines and brands claims that maximum penalties will become the norm as “scaremongering”:

Issuing fines has always been and will continue to be, a last resort. Last year (2016/2017) we concluded 17,300 cases. I can tell you that 16 of them resulted in fines for the organisations concerned.

And we have yet to invoke our maximum powers.

The blog comes after the government revealed its tough new data privacy plans earlier this week. It adopts GDPR and gives the ICO the power to fine firms up to 4 per cent of global turnover or £17m. The new regulations come into force on 25 May 2018.