How will the ICO Regulate Compliance During the Pandemic?

Together we are Forbes


16 April, 2020

Bethany Paliga
Senior Associate

Yesterday, the ICO published a document which sets out how it will regulate data protection compliance during the coronavirus pandemic. The document should provide comfort to organisations facing staff and operations shortages and acute financial pressure, that the ICO will take a pragmatic and proportionate approach to regulation during these unprecedented times.

In the document, the ICO has recognised that the public health emergency has meant that the ICO has had to reassess its priorities and resources. Therefore, the ICO will be focussing on:

  • Taking firm action against those who exploit the public health emergency through nuisance calls or misuse of personal information;
  • Being flexible in its approach to regulation, taking into account the impact of the potential economic or resource burden its action could place on organisations; and
  • Providing maximum support to organisations as they recover from the public health emergency.

In practice, this shift in focus by the ICO will mean:

  • Delaying the publication of any new guidance that could place a burden on frontline staff;
  • Taking into account the impact of the pandemic when dealing with complaints from the public by providing organisations with longer than usual to respond or rectify any breaches;
  • Conducting fewer investigations;
  • Suspending all outstanding information request backlogs; and
  • Taking into account the economic impact and affordability of any fines issues - which is likely to mean the level of fines will reduce.

The ICO has urged organisations to continue to report personal data breaches to them where appropriate although it will take an empathetic and proportionate approach to those breaches reported. The ICO expects to conduct fewer investigations during this time and will focus its efforts on serious non-compliance and organisations deliberately breaching data protection law in order to take advantage of the current crisis.

The current data protection law is flexible and is not a barrier to keeping the public safe during this crisis. This document highlights how the ICO intends to regulate data protection compliance in the coming months. It will be kept under review and will be updated as necessary as the situation progresses.

A copy of the publication can be viewed here -

For more information contact Bethany Paliga in our Governance, Procurement & Information department via email or phone on 01254 222347. Alternatively send any question through to Forbes Solicitors via our online Contact Form.

Learn more about our Governance, Procurement & Information department here

Furlough scheme cut-off date extended - what the updated guidance…

Restrictive Covenants-freeing up the restrictions

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday: