Neves Solicitors - At Your Side

GDPR: Beware falling foul of the ICO

The Information Commissioner’s Office (ICO), the body responsible for monitoring compliance with data protection legislation, has been in the news a lot recently, investigating complaints against businesses and handing out reprimands and hefty fines, including to Hello Fresh, the Central YMCA and the marketing firms Outsource Strategies Ltd and Dr Telemarketing.

Whilst the General Data Protection Regulations (GDPR) came into force in 2018, many enterprises (ranging from large companies to sole traders or charities) have not yet fully implemented all the requirements when holding or using an individual’s data. Every enterprise must have a Data Protection Officer and regularly audit their use and protection of data. When data is passed between organisations, a careful review of the compliance of the party to which you are passing it should be undertaken. The new regulations aim to give more agency and protection to individuals, and reporting any breaches (or suspected breaches) is easier than ever.

If you process or hold any personal data as defined by the regulations, you are also obliged to register with the ICO. Failure to do so can result in an automatic penalty of up to £4,000. In 2024 alone, 11 such fines have been issued where it has come to light that businesses have not properly registered and paid the annual fee (ranging from £40 for small organisations with a turnover of less than £632,000 to £2,900 for large organisations).

Neves Solicitors understand that ensuring data is properly collected, used, stored and protected can seem like a constant battle. However, a good understanding of the principles of data protection and a thorough audit of your practices can avoid your name coming across the ICO’s desk.

In addition to advising on the 7 principles of personal data protection and their application to you, Neves has expertise in drafting a wide range of terms and conditions, including privacy and cookie policies, as well as data processing and sharing arrangements. They can assist your organisation in undertaking an audit of your current practice to ensure compliance and review your terms of business or contracts to ensure that they are fully up to date and interact cohesively with other mandated policies and marketing strategies. If you use suppliers, consultants or other contractors where personal data is shared, a review of their GDPR policies and processes is also work that Neves can help you with.

If you have any concerns about whether you are compliant, or think that you could do with a general health check to ensure that you meet the strict requirements of the GDPR and the ICO, please contact kim.sayer@neves.co.uk to discuss the best strategy to help you avoid complaints, penalties and fines.