You are here

England and Wales

Survey Answer:

Under the General Data Protection Regulation (“GDPR”) which comes into force on 25 May 2018, Member States can set their own rules on penalties for infringements of data security. Member States may provide their own rules on criminal sanctions for infringement of the GDPR. So although there are no criminal sanctions for data security yet, there may well be in the future after GDPR has come into effect.
The UK Government has recently consulted on its proposed implementation of the Network and Information Systems Directive, but does not appear to intend to create criminal sanctions for non-compliance.

Provided By:
David Varney: Burgess Salmon LLP