The watchdog has established a new division – the Regulatory Action Division – devoted to protecting personal information held by businesses, organisations and individuals.
Until now, the enforcement of data protection obligations has been dealt with by a mixed compliance team, but this role has now been handed over to specialists, experienced in using the Commissioner’s powers to ensure compliance.
These powers include criminal prosecutions, cautions, enforcement notices, and audits.
According to Assistant Commissioner (Regulatory Action), David Smith, the changes are “designed to make life tougher for the minority of businesses that don’t take their data protection obligations seriously.”
“Negotiation will usually be our first option, but we won’t hesitate to take legal action swiftly against businesses where the circumstances warrant it,” he added.
