U.K. push for GDPR reprimand transparency draws mixed reviews
The U.K.’s data protection regulator began publishing the details of cases where organizations breached the General Data Protection Regulation (GDPR) but were not fined.
The Information Commissioner’s Office (ICO) believes the move highlights the regulator’s pragmatism regarding GDPR enforcement and improves transparency.
The ICO’s director of investigations said in December the regulator would publish all reprimands from January 2022 onward, excluding cases involving national security and ongoing legal proceedings. In a speech at the National Association of Data Protection Officers conference in November, Information Commissioner John Edwards said he wanted “to have a predictable approach to enforcement,” where “regulating for outcomes, not outputs” was the main driver.