ICO Fines – Don’t fall foul of the rules

Published on: 14/08/2020

#Data Protection

Back in March, Cathay Pacific were fined £500,000 for failing to protect the security of its customers’ personal data.  This used to be the largest fine that the ICO could impose under the Data Protection Act 1998 but the Data Protection Act 2018 now allows for a fine of anywhere up to 20 million euros or 4% of annual worldwide turnover, whichever is greater.

There have also been a number of fines imposed over recent months for unsolicited marketing emails and calls including two this month, namely:  

  • £100,000 fine for Koypo Laboratories Limited for instigating 21,166,574 unsolicited marketing emails without consent  
  • £80,000 fine for Rain Trading Limited for making 270,774 unsolicited marketing  calls to individuals without consent

In the current economic crisis it would not be surprising if more businesses turned their attention to marketing but these fines are a stark warning to organisations to ensure they comply with data protection obligations in doing so.

Please do not hesitate to get in contact with our data protection team if you have any questions.


This information is for guidance purposes only and should not be regarded as a substitute for taking professional and legal advice. Please refer to the full General Notices on our website.