> There might or might not be auditors visiting you after the first letter.
The ICO in the UK doesn't work like that, AFAIAA. You first get a polite letter; then a firmer letter containing helpful advice on how to come into compliance.
After that, you join a huge queue of companies awaiting legal enforcement action. The ICO is deliberately underfunded; it always has been. The government passed data protection laws, but they reserved the power of enforcement to an agency that was crippled from the start.
I welcome this court decision, obviously.
[Edit] Most of the penalties levied by the UK ICO used to be against local governments and government agencies. They were rarely against commercial operations. I see that there are some companies (that I've never heard of) now appearing in the list.
The ICO in the UK doesn't work like that, AFAIAA. You first get a polite letter; then a firmer letter containing helpful advice on how to come into compliance.
After that, you join a huge queue of companies awaiting legal enforcement action. The ICO is deliberately underfunded; it always has been. The government passed data protection laws, but they reserved the power of enforcement to an agency that was crippled from the start.
I welcome this court decision, obviously.
[Edit] Most of the penalties levied by the UK ICO used to be against local governments and government agencies. They were rarely against commercial operations. I see that there are some companies (that I've never heard of) now appearing in the list.
https://ico.org.uk/action-weve-taken/enforcement/