From 6 April 2010, the Information Commissioner may impose a civil monetary penalty of up to £500,000 for serious contraventions of the data protection principles. All data controllers throughout the UK including businesses that process personal information should be aware that in order for the penalty to apply, the contravention must have been likely to have caused substantial damage or substantial distress. In addition, the data controller concerned must either:
Statutory guidance produced by the Information Commissioner provides further details on how he proposes to exercise his functions in relation to imposing a civil monetary penalty and data controllers’ procedural rights – see the appropriate link below. You are reminded that, when you and/or your employees process personal information, you have a duty to comply with the data protection principles. These are to ensure that the personal data you hold is: