The watchdog has established a new division – the Regulatory
Action Division – devoted to protecting personal information held
by businesses, organisations and individuals.
Until now, the enforcement of data protection obligations has
been dealt with by a mixed compliance team, but this role has now
been handed over to specialists, experienced in using the
Commissioner’s powers to ensure compliance.
These powers include criminal prosecutions, cautions,
enforcement notices, and audits.
According to Assistant Commissioner (Regulatory Action), David
Smith, the changes are “designed to make life tougher for the
minority of businesses that don’t take their data protection
obligations seriously.”
“Negotiation will usually be our first option, but we won’t
hesitate to take legal action swiftly against businesses where the
circumstances warrant it,” he added.
