Recent months have seen the media awash with warnings of the heightened data breach risks as many of us adapt to working from home. What an opportune moment then for the ICO to publish for consultation its draft guidance on how it will regulate and enforce data privacy laws in the UK post-Brexit, including issuing penalty notices for such breaches. Once finalised, the guidance will complement the ICO’s Regulatory Action Policy, setting out the watchdog’s  approach to the use of its regulatory tool kit and the punitive power it wields.

Just over a year since the Data Protection Act 2018 (DPA 2018) set new standards for protecting personal data in accordance with the General Data Protection Regulation (GDPR), the Information Commissioner’s Office (ICO) has announced its intention to issue its first penalty fines under the new regime. The ICO intends to impose an eye watering £183m fine for a data breach on the ‘world’s favourite airline’ British Airways (BA) and £99m on Marriott, an international hotel group.