| I guess the UK ICO has a different (read: the correct) view: ""When we do need to apply a sanction, fines will not always be the most appropriate or effective choice," Denham said. "Compulsory data protection audits, warnings, reprimands, and enforcement notices are all important enforcement tools. The ICO can even stop an organisation processing data." "None of these will require an organisation to write a cheque to the Treasury, but they will have a significant impact on their reputation and, ultimately, their bottom line," she said." https://www.out-law.com/en/articles/2018/april/gdpr-uk-watch... This is stuff the ICO has been doing for decades anyway, because they've always had the power. Remember when they got a warrant to search the London Office of Cambridge Analytica? That was pre-GDPR. If you think you know more than the UK Information Commissioner's Office about GDPR compliance, you're delusional. |