Blog

Data Privacy Day 28 January 2023: A reminder of the consequences for a failure to comply with data protection and marketing legislation. Tribunal

In light of Data Privacy Day on 28 January 2023, businesses and organisations should reflect on data privacy and their compliance with data protection and marketing legislation.

Failure to be compliant with this legislation can result in the Information Commissioners Office (ICO) issuing significant fines and ‘naming and shaming’ organisations in the public domain when they fail to comply with data protection and marketing legislation.

Below are a few common issues and examples of organisations facing far reaching consequences, both financial and reputational, when they failed to be compliant with data protection and marketing legislation. For example, Amazon was issued a record fine of more than £630 million after a finding that its processing of personal data had breached GDPR!

Examples of consequences of failing to be complaint with data protection and marketing legislation.

Failing to comply with a data subject access request made by an individual

The ICO took enforcement action against First Choice Selection Services Limited when they refused to comply with a request for information from a former employee during Employment Tribunal proceedings. This was a breach of his Subject Access Rights.

Failure to comply with an enforcement notice can result in a fine of up to £17,500,000 or 4% of annual global turnover, whichever is higher!

Sending marketing emails without obtaining relevant consent

The ICO fined We Buy Any Car Limited £200,000. It sent 191.4 million marketing emails and 3.6 million marketing SMS messages to individuals without fully satisfying the legal requirements, resulting in 42 complaints to the Commissioner, over a period of twelve months.

Failing to protect data of customers

The ICO fined British Airways (BA) £20 million for failing to protect the personal and financial details of more than 400,000 of its customers.

At Lupton Fawcett, we have data protection expertise and offer the following services to ensure that your business or organisation do not repeat the same mistakes

  • Provide bespoke internal training to your marketing team and/or your management team on the Privacy and Electronic Communications and on Data Protection legislation and compliance including an overview of the do’s and don’ts.
  • Audit your current compliance with electronic marketing and prepare a report on any compliance gaps.
  • Audit your current Record of Processing Activities and identify any compliance gaps.
  • If you do not have a Record of Processing Activities, we can assist you to complete one.
  • Provide an internal check list for use in staff training to help recognise Subject Access Requests.
  • Provide an internal flow chart/check list for dealing with Subject Access Requests.
  • Provide a suite of template letters and a template response form.
  • Provide a short-form guide to dealing with some of the more tricky issues which arise.
  • Provide bespoke policies on the use of computers, mobile devices and other equipment including personal use and use of employee’s own equipment.
  • Provide up to date employment contracts, which include Privacy notices and Confidentiality clauses
  • Review your existing privacy or website privacy or fair processing notices
  • Provide a standard checklist and “leaving letter” for departing employees.
  • Work with you to set up an incident and response plan in respect of data breaches.
  • Provide a written team sheet and plan.
  • Provide user-friendly internal reporting forms suitable for your organisation.
  • Provide a central log to record breaches.
  • Help the team to understand types of incident and reporting issues and assist with training on the incident and response plan.
  • Provide a bespoke desk-top audit of your business and compliance.
  • Advise on Data Protection Officer requirements and on the contractual/statutory terms required

        • If you wish to discuss this article in more detail or would like advice generally about data protection, please do not hesitate to contact Data Protection specialist, Holly Dobson, on 0114 228 3295 or holly.dobson@luptonfawcett.law.

        To receive our updates please sign up to our mailing list below

        Author

        Required
        Required
        Required

        Sign up for our newsletter

        Please fill in the form below to receive legal updates and seminar invitations from our expert solicitors – straight to your inbox.

        Required
        Required
        Required

        By signing up, you agree to our terms and that you have read our privacy policy.