
Data protection audit and advice

Failure to comply with regulatory requirements can lead to prosecution, fines and damage to your reputation.

Example breaches


The FSA fined a building society £980,000 for the loss of a laptop which contained confidential customer data; they had failed to implement adequate risk-management systems.

Sending unwanted marketing emails and texts, or making live and automated marketing phone calls, could cost you up to £500,000.

A Sheffield-based organisation was fined £60,000 for losing an unencrypted laptop holding the details of thousands of people.

A Leeds-based accountancy firm was fined and ordered to pay costs—and its officers were also personally fined.

The data controller of a law firm was fined £1,000 for failing to keep sensitive personal information relating to around 6,000 people secure—if the firm had still been trading, the fine would have been £200,000.

Charities based in Sheffield and Nottingham both breached the Data Protection Act by failing to encrypt computers which contained information relating to young people.

A firm of solicitors in Lancashire was fined £3,150 for a breach of the act.

A county council was fined £100,000 for faxing details of a child sex-abuse case to a member of the public.


What does the law require?

Data privacy regulations relate to information you hold on employees as well as current and potential customers, and can be electronic or paper-based. Any data that you hold has to be:

  • accurate
  • stored securely
  • up to date
  • relevant to its particular use.

Who can see the data you hold?

Data subjects have the right to request access to their personal data—and you must comply by the deadline.

What are the penalties for breach?

Failing to comply with the act can result in fines of up to £500,000 (or an unlimited fine in the Crown Court) and a custodial sentence. It is even a criminal offence, carrying a fine of up to £5,000, simply not to notify the ICO that you are processing personal data. The number of fines levied, and their value, increases year on year: the ICO takes data security breaches increasingly seriously.


It’s not just the ICO

Depending on your sector, you could be open to fines from other bodies. The FSA, for example, can impose fines much greater than the ICO’s limit (see the example breaches above).

It’s not just your own compliance

You should be concerned not only about your own compliance with the Data Protection Act but also any of your partners to whom you may pass personal data in the course of your business. In many cases, you will be legally responsible for how they handle and protect this data.

It’s not worth the risk

As you can see from the real examples given above, the cost of being found in breach of the Data Protection Act is significantly higher than the cost of bringing in the expertise of a firm like Data Protection Consultancy. So why risk it?

Our consultants offer data protection advice, audits, policies, training and other consultancy to help your organisation stay on the right side of the law.


© Data Protection Consultancy Ltd, 29 Shadwell Lane, Leeds LS17 6DP