Module 17 2024

05/12/2024

• UK GDPR – Fines

• In 2023, the ICO imposed a total of 17 monetary penalties, half the number it handed down in 2022

• None of the 17 organisations fined during 2023 operates in the public sector • Of the 17 fines, only one was for breach of the UK GDPR - the others were for breaches of the PECR (Electronic Marketing Rules) • However, the fines for infringements of the PECR rules only totalled £1.18 million, whereas the single UK GDPR fine was for £12.7 million • £12.7 million fine for TikTok (May 2023) for its breaches of multiple articles of the GDPR and UK GDPR, including those relating to the lawful use of the personal data of children

171

• Data Protection – A Technical Issue

• Broadly, Data Protection is about securing data against unauthorised access

• Article 32 of the GDPR states: – “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk…”

172

86