Housing developer hit with fine over data protection failure

ICO slaps firm with penalty for failing to comply with Subject Access Request

The exterior of the building used by the Information Commissioner's Office (ICO)

A housing developer has been slapped with almost 1,500 in fines and penalties by the Information Commissioner's Office (ICO) over its failure to abide by data protection laws.

The developer, Magnacrest Ltd, failed to comply with a Subject Access Request, which led to it being brought before Westminster Magistrates and fined by the data protection watchdog.

The SAR was submitted to Magnacrest by an unnamed individual on 17 April 2017, and included a cheque for 10, to cover the processing fee that companies are legally allowed to charge for processing a SAR.

Magnacrest was reported to the ICO after it failed to provide the individual's data within the 40-day time limit mandated by UK data protection laws, and then repeatedly reminded of its legal responsibilities by the ICO via mail and phone.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

After Magnacrest still refused to comply with the SAR, the ICO issued an enforcement notice on 30 January last year, compelling it to do so. Failing to comply with an enforcement notice is a criminal offence, and the developer was subsequently charged, pleading guilty on Wednesday this week.

Luckily for the Buckinghamshire-based developer, the SAR was submitted in 2017, before GDPR came into force. As such, its failure constituted a breach of the Data Protection Act 1998, and Magnacrest was only ordered to pay a 300 fine, 1,133.75 in prosecution costs and a 30 victim surcharge. Under GDPR, it would have been liable for a substantially higher fine.

"The right to access your own personal information is a fundamental and long-standing principle of data protection law," said the ICO's criminal enforcement manager Mike Shaw. "New laws brought into effect last May strengthen those rights even further."

"Organisations not only have to respect this right but must also respect notices from the ICO enforcing the law. If they fail to do so then they must accept the consequences, which can include a criminal prosecution."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020