To ask Her Majesty's Government what assessment they have made of the level of fines available to be imposed by the Information Commissioner where organisations are found to have broken the law.
Answered on
25 July 2018
The General Data Protection Regulation (GDPR) and the new Data Protection Act 2018 (DPA) strengthen standards on data protection, ensuring they are up to date for the modern age. The GDPR allows the Information Commissioner to impose fines up to £18 million or 4% of global turnover. These are significantly higher fines than were available under the Data Protection Act 1998 where the maximum fine that could be imposed was £500,000. We will continue to work with the Commissioner to monitor and evaluate the impact of the fines over the months and years ahead.