|
answer text |
<p>Most breaches of the GDPR are not criminal offences and would not therefore be
subject to criminal prosecution. The Information Commissioner’s Office (ICO) can,
however, impose large administrative fines on organisations which fail to comply.
The very worst data breaches, including those involving the unlawful obtaining or
disclosure of data, may be subject to criminal prosecution under the Data Protection
Act 2018. Investigations into offences committed since the Act came into force in
May 2018 have not yet reached the prosecution stage.</p>
|
|