The Information Commissioner’s Office is planning a major overhaul of how it deals with companies that break data protection laws, paving the way for huge discounts on fines – of up to 40% – for early settlement.
The proposal is contained in the draft Enforcement Procedural Guidance which is out for consultation, and also reflects the changes to the regulators powers in the data protection legislation following the Data (Use & Access Act), which have either come into force or are expected to come into force in the coming months.
The move is designed to bring the ICO in line with other UK regulators like the Financial Conduct Authority, Prudential Regulatory Authority and the Competition & Markets Authority.
Discounts will be structured by stage: up to 40% before notices of intent, 30% after notices but before written arguments, and 20% after written arguments are submitted.
The settlement procedure aims to streamline investigations, which will save resources and allow the ICO to resolve cases faster. It will also save mounting costs of potentially lengthy appeals.
According to the ICO’s 2024/25 annual report, the regulator spent £1.3m on legal fees, although this was substantially down on the previous year when the bill came in at £3.5m.
To receive the discount, companies would need to admit the full nature, scope, and duration of their data protection infringements and waive their right to appeal the decision to the First-tier Tribunal.
The ICO has, in practice, already entered into settlements in the past, with recent cases like those involving Capita and Advanced Computer Software Group receiving significant effective discounts for cooperation.
However, the proposed changes would make this standard practice.
ICO executive director of regulatory supervision Tim Capel said: “The new guidance is significantly more detailed than the previous guidance on our approach to investigations and enforcement.
“It clearly sets out the processes we follow and the factors we consider when using our powers. We hope that this additional clarity and transparency is welcome. We’re keen to hear from law firms, data protection officers, privacy professionals and anyone else with an interest on what they think about the draft guidance.”
The consultation runs until January 23 2026.
Related stories
ICO fingers two rogue energy firms for ‘robo call’ blitz
Posh Windows duo barred after cheap and nasty calls
Firm that targets dodgy firms battered for dodgy calls
Horsham firm battered for knowingly using illegal data
ICO whacks two Greater Manchester firms on the PECR
PECR gripes hit 3-year high as Whac-A-Mole continues
Be the first to comment on "ICO to offer discounts for law breakers – if they fess up"