Although the sanctions for breaching the provisions of the GDPR have been widely circulated and are far higher than the current maximum fine (£500,000), the ICO has stated many times that fines are the last option; providing support and assistance are greater priorities and the first course of action that they will take, depending on the circumstances of course. In the event of a data breach, the ICO will take into account the actions, overall approach and compliance efforts of the data controller responsible. Therefore, it is of importance not only to comply with the provisions of the GDPR, but to understand the ICO’s stance on relevant issues. Follow this link to view the ICO’s strategic goals in respect of information rights, from 2017 to 2021: https://ico.org.uk/media/2014134/20170413icoinformationrightsstrategicplan2017to2021v10.pdf
