The potential fines that are bandied about relating to GDPR are enormous, crippling and harsh.
However, the ICO is taking an interesting stance (according to its own blog). It says fines are great for headlines but they're actually a last resort.
Who knew that out of 17,300 cases last year only 16 turned into fines?
The position of this blog is one of common sense rather than fear. Does that mean we can all breathe a sigh of relief as we work towards compliance?
Issuing fines has always been, and will continue to be, a last resort. Last year (2016/2017) we concluded 17,300 cases. I can tell you that 16 of them resulted in fines for the organisations concerned. And we have yet to invoke our maximum powers. Predictions of massive fines under the GDPR that simply scale up penalties we’ve issued under the Data Protection Act are nonsense. Don’t get me wrong, the UK fought for increased powers when the GDPR was being drawn up. Heavy fines for serious breaches reflect just how important personal data is in a 21st-century world.