🔆 📖 👤

Statutory Instruments

2010 No. 31

Data Protection

The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010

Made

6th January 2010

Laid before Parliament

12th January 2010

Coming into force

6th April 2010

The Secretary of State has consulted the Information Commissioner in accordance with section 67(3)(b) of the Data Protection Act 1998( 1 ).

Accordingly, the Secretary of State, in exercise of the powers conferred by sections 55A(5) and (7) and 55B(3)(b) of that Act( 2 ), makes the following Regulations:

Citation, commencement and interpretation

1. —(1) These Regulations may be cited as the Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 and come into force on 6th April 2010.

(2) In these Regulations references to sections are references to sections of the Data Protection Act 1998.

(3) In these Regulations—

“address” is construed in accordance with section 16(3);

“contravention” is construed in accordance with section 55A.

Prescribed amount

2. The prescribed amount for the purposes of section 55A(5) is £500,000.

Notices of intent

3. For the purposes of section 55B(3)(b) the prescribed information is—

(a) the name and address of the data controller;

(b) the grounds on which the Commissioner proposes to serve a monetary penalty notice, including—

(i) the nature of the personal data involved in the contravention,

(ii) a description of the circumstances of the contravention,

(iii) the reason the Commissioner considers that the contravention is serious,

(iv) the reason the Commissioner considers that the contravention is of a kind likely to cause substantial damage or substantial distress, and

(v) whether the Commissioner considers that section 55A(2) applies or that section 55A(3) applies, and the reason the Commissioner has taken this view;

(c) an indication of the amount of the monetary penalty the Commissioner proposes to impose and any aggravating or mitigating features the Commissioner has taken into account; and

(d) the date on which the Commissioner proposes to serve the monetary penalty notice.

Monetary penalty notices

4. For the purposes of section 55A(7) the prescribed information is—

(a) the name and address of the data controller;

(b) details of the notice of intent served on the data controller;

(c) whether the Commissioner received written representations following the service of the notice of intent;

(d) the grounds on which the Commissioner imposes the monetary penalty, including—

(i) the nature of the personal data involved in the contravention,

(ii) a description of the circumstances of the contravention,

(iii) the reason the Commissioner is satisfied that the contravention is serious,

(iv) the reason the Commissioner is satisfied that the contravention is of a kind likely to cause substantial damage or substantial distress, and

(v) whether the Commissioner is satisfied that section 55A(2) applies, or that section 55A(3) applies, and the reason the Commissioner is so satisfied;

(e) the reasons for the amount of the monetary penalty including any aggravating or mitigating features the Commissioner has taken into account when setting the amount;

(f) details of how the monetary penalty is to be paid;

(g) details of, including the time limit for, the data controller’s right of appeal against—

(i) the imposition of the monetary penalty, and

(ii) the amount of the monetary penalty; and

(h) details of the Commissioner’s enforcement powers under section 55D( 3 ).

Michael Wills

Minister of State

Ministry of Justice

6th January 2010

( 1 )

1998 c.29 .

( 2 )

Sections 55A and 55B were inserted into the Data Protection Act 1998 by section 144 of the Criminal Justice and Immigration Act 2008 (c. 4) .

( 3 )

Section 55D was inserted into the Data Protection Act 1998 by section 144 of the Criminal Justice and Immigration Act 2008 (c. 4) .

Status: This is the original version (as it was originally made). This item of legislation is currently only available in its original format.
The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 (2010/31)

Displaying information

Status of this instrument

footnotecommentarytransitional and savingsin force statusrelated provisionsgeo extentinsert/omitsource countin force adj
Defined TermSection/ArticleIDScope of Application
Changes that affect Made by
Sort descending by Changed Legislation Sort descending by Year and Number Changed Provision Type of effect Sort descending by Affecting Legislation Title Sort descending by Year and Number Affecting Provision Sort descending by Changes made to website text Note
The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 2010 No. 31 reg. 1(2) extended (with modifications) by S.I. 2003/2426, Sch. 1 para. 12(2) (as inserted) The Privacy and Electronic Communications (Amendment) Regulations 2018 2018 No. 1189 reg. 2(4) Not yet
The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 2010 No. 31 reg. 3 extended (with modifications) by S.I. 2003/2426, Sch. 1 para. 12(3) (as inserted) The Privacy and Electronic Communications (Amendment) Regulations 2018 2018 No. 1189 reg. 2(4) Not yet
The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 2010 No. 31 reg. 4 extended (with modifications) by S.I. 2003/2426, Sch. 1 para. 12(4) (as inserted) The Privacy and Electronic Communications (Amendment) Regulations 2018 2018 No. 1189 reg. 2(4) Not yet
The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 2010 No. 31 Regulations revoked Data Protection Act 2018 2018 c. 12 Sch. 19 para. 350 Not yet

Status of changes to instrument text

The list includes made instruments, both those in force and those yet to come into force. Typically, instruments that are not yet in force (hence their changes are not incorporated into the text above) are indicated by description 'not yet' in the changes made column.