Last year, for the very first time, the UK Information Commissioner’s Office (ICO) indicated its intention to take serious enforcement action against a processor. The fact that this comes some six years after the implementation of the GDPR is itself of note. Back in May 2018, processors found themselves with direct obligations under data protection law for the first time. At that time, there was a general sense that this would change the liability landscape.
Download the article as a PDF to continue reading.
