A record fine of £50,000 for misuse of personal information, according to the ICO website. But those looking after personal data need to be aware that the potential fines under the new data protection legislation coming into force in May 2018 could be far higher.

The current regime under the Data Protection Act 1998 caps fines at £500,000. The new General Data Protection Regulation could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year (whichever is greater). 

These figures look scary, and they're meant to be. But the message for those who deal with personal data is that if you haven't already started looking at how you will ensure compliance with the new legislation, you need to do so now. Demonstrating that you comply is also a key feature, so having a written policy will not be enough!

For advice on your situation, please feel free to contact Martin Noble, a data protection specialist, on 0116 257 4472 and martin.noble@shma.co.uk