Firms not honouring data access requests could face criminal prosecution: ICO

The Information Commissioner’s Office has warned organisations that failing to honour data access requests made by customers, or failing to do so within mandated timelines, could expose them to criminal prosecution under GDPR.

In January, a report from cloud data integration solutions provider Talend revealed that as many as 74 percent of UK-based organisations were unable to honour data access requests as mandated by GDPR, even though over six months had passed since the new data protection law came into effect in Europe.

The report added that only 17 percent of organisations were able to honour data access requests from their customers within the mandated 30-day timeline, while 9 percent of them were honouring such requests but were failing to do so either completely or within the required timeline.

“A delay, or complete lack of a response, will only continue to damage free-falling consumer trust in how organisations store and organise their data. What’s more, the world is on tenterhooks waiting for the first major fine to be enforced for a breach of the GDPR,” said Jean-Michel Franco, Senior Director of Data Governance Products at Talend.

“After all, consumers are now feeling more empowered to put companies and regulators under pressure to ensure that their rights are respected, whether through individual complaints or group action, as we’ve seen recently with a huge spike in reports to the ICO (up by 160 per cent) and class action by 45,000 European citizens driven by three associations including Privacy International,” he added.

ICO reads the riot act to firms flouting GDPR

The Information Commissioner’s Office has not taken kindly to the open flouting of GDPR by a majority of organisations that process customer data, stating recently that failure to honour data access requests within thirty days could expose organisations to criminal prosecution.

“The right to access your own personal information is a fundamental and long-standing principle of data protection law. New laws brought into effect last May strengthen those rights even further.

“Organisations not only have to respect this right but must also respect notices from the ICO enforcing the law. If they fail to do so then they must accept the consequences, which can include a criminal prosecution,” said Mike Shaw, Criminal Enforcement Manager at the ICO.

Last Thursday, Westminster Magistrates fined housing developer Magnacrest Ltd nearly £1,500, including prosecution costs, victim surcharge, and monetary penalty, for not honouring a subject access request in April last year and also ignoring an enforcement notice issued by the ICO. The fines were imposed under the Data Protection Act 1998, as the offence took place prior to the arrival of GDPR.

Copyright Lyonsdown Limited 2021
