Since 2018, the decision-making arsenal of the UK Information Commissioner’s Office (“ICO”) has included the Regulatory Panel, a body tasked with making independent recommendations to the Commissioner regarding proposed action resulting from breaches of data protection legislation. According to its Terms of Reference, the Regulatory Panel mainly advises on cases relating to breaches of the Data Protection Act 2018, the General Data Protection Regulation (“GDPR”) and the Network Information System Regulations where a fine in excess of £5million is proposed (or where any proposed penalty is likely to cause a “very significant financial impact”). The Panel is responsible for considering whether proposed fines (and/or any other corrective measures) are effective, proportionate and dissuasive, and will recommend to the Commissioner a range of fines and/or corrective measures it considers appropriate in a given case.
Please see full publication below for more information.