ICO issues maximum pre-GDPR fine on major UK retailer
Last month the Information Commissioner’s Office (ICO), the UK data protection regulator, imposed a monetary penalty notice of £500,000 on electronics retailer DSG Retail Limited (DSG), a company better known by its trading brands, such as Currys PC World and Dixons Travel. DSG is a subsidiary of Dixons Carphone plc.
The personal data breach occurred during a compromise of DSG’s systems in the time period between 24 July 2017 to 25 April 2018 – before GDPR came into force.
The ICO’s decision to impose the maximum penalty is another clear example of the fact that the ICO is determined to use its fining powers when it considers it appropriate and to impose high fines for what it considers to be serious failures.