Housing developer hit with fine over data protection failure

ICO slaps firm with penalty for failing to comply with Subject Access Request

The exterior of the building used by the Information Commissioner's Office (ICO)

A housing developer has been slapped with almost 1,500 in fines and penalties by the Information Commissioner's Office (ICO) over its failure to abide by data protection laws.

The developer, Magnacrest Ltd, failed to comply with a Subject Access Request, which led to it being brought before Westminster Magistrates and fined by the data protection watchdog.

The SAR was submitted to Magnacrest by an unnamed individual on 17 April 2017, and included a cheque for 10, to cover the processing fee that companies are legally allowed to charge for processing a SAR.

Advertisement - Article continues below

Magnacrest was reported to the ICO after it failed to provide the individual's data within the 40-day time limit mandated by UK data protection laws, and then repeatedly reminded of its legal responsibilities by the ICO via mail and phone.

After Magnacrest still refused to comply with the SAR, the ICO issued an enforcement notice on 30 January last year, compelling it to do so. Failing to comply with an enforcement notice is a criminal offence, and the developer was subsequently charged, pleading guilty on Wednesday this week.

Luckily for the Buckinghamshire-based developer, the SAR was submitted in 2017, before GDPR came into force. As such, its failure constituted a breach of the Data Protection Act 1998, and Magnacrest was only ordered to pay a 300 fine, 1,133.75 in prosecution costs and a 30 victim surcharge. Under GDPR, it would have been liable for a substantially higher fine.

Advertisement
Advertisement - Article continues below

"The right to access your own personal information is a fundamental and long-standing principle of data protection law," said the ICO's criminal enforcement manager Mike Shaw. "New laws brought into effect last May strengthen those rights even further."

"Organisations not only have to respect this right but must also respect notices from the ICO enforcing the law. If they fail to do so then they must accept the consequences, which can include a criminal prosecution."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020