- Latest available (Revised)
- Original (As enacted)
This is the original version (as it was originally enacted).
(1)If the Commissioner is satisfied that a person—
(a)has failed or is failing as described in section 149(2), (3), (4) or (5), or
(b)has failed to comply with an information notice, an assessment notice or an enforcement notice,
the Commissioner may, by written notice (a “penalty notice”), require the person to pay to the Commissioner an amount in sterling specified in the notice.
(2)Subject to subsection (4), when deciding whether to give a penalty notice to a person and determining the amount of the penalty, the Commissioner must have regard to the following, so far as relevant—
(a)to the extent that the notice concerns a matter to which the GDPR applies, the matters listed in Article 83(1) and (2) of the GDPR;
(b)to the extent that the notice concerns another matter, the matters listed in subsection (3).
(3)Those matters are—
(a)the nature, gravity and duration of the failure;
(b)the intentional or negligent character of the failure;
(c)any action taken by the controller or processor to mitigate the damage or distress suffered by data subjects;
(d)the degree of responsibility of the controller or processor, taking into account technical and organisational measures implemented by the controller or processor in accordance with section 57, 66, 103 or 107;
(e)any relevant previous failures by the controller or processor;
(f)the degree of co-operation with the Commissioner, in order to remedy the failure and mitigate the possible adverse effects of the failure;
(g)the categories of personal data affected by the failure;
(h)the manner in which the infringement became known to the Commissioner, including whether, and if so to what extent, the controller or processor notified the Commissioner of the failure;
(i)the extent to which the controller or processor has complied with previous enforcement notices or penalty notices;
(j)adherence to approved codes of conduct or certification mechanisms;
(k)any other aggravating or mitigating factor applicable to the case, including financial benefits gained, or losses avoided, as a result of the failure (whether directly or indirectly);
(l)whether the penalty would be effective, proportionate and dissuasive.
(4)Subsections (2) and (3) do not apply in the case of a decision or determination relating to a failure described in section 149(5).
(5)Schedule 16 makes further provision about penalty notices, including provision requiring the Commissioner to give a notice of intent to impose a penalty and provision about payment, variation, cancellation and enforcement.
(6)The Secretary of State may by regulations—
(a)confer power on the Commissioner to give a penalty notice in respect of other failures to comply with the data protection legislation, and
(b)provide for the maximum penalty that may be imposed in relation to such failures to be either the standard maximum amount or the higher maximum amount.
(7)Regulations under this section—
(a)may make provision about the giving of penalty notices in respect of the failure,
(b)may amend this section and sections 156 to 158, and
(c)are subject to the affirmative resolution procedure.
(8)In this section, “higher maximum amount” and “standard maximum amount” have the same meaning as in section 157.
The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Text created by the government department responsible for the subject matter of the Act to explain what the Act sets out to achieve and to make the Act accessible to readers who are not legally qualified. Explanatory Notes were introduced in 1999 and accompany all Public Acts except Appropriation, Consolidated Fund, Finance and Consolidation Acts.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: