Unlimited Fines May Now Be Imposed By UK Magistrates’ Court Data Protection Offences

Since the Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015 came into force 12 March 2015, the Magistrates' Court has had the ability to impose unlimited fines for criminal offences under the Data Protection Act 1998 ('DPA').

Under s.55 DPA, an individual can be convicted of a criminal offence if he or she obtains or discloses personal data without the consent of the data controller. Before 12 March, a £5,000 fine cap existed, but this has now been removed, allowing for fines of any amount to be imposed at sentencing.

This change has been welcomed by the Information Commissioner's Office ('ICO'), which has been campaigning for stricter, more effective punishments and still wants custodial sentences for the more severe 'blagging' breaches. Data processing managers should not be overly alarmed if data is lost because of an error of judgment, though. The ICO has stated that although data processing managers could be legally responsible for data protection failures, they are unlikely to be affected by the amendment unless they – like any other employee – commit a criminal...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT