Reprimands inappropriate for big business
Reprimands should be limited to 2 cases only:
1) Public bodies, where a fine is irrelevant (moving money around government, and no impact on the organisation). In that case the breach should always be publicised so that the appropriate oversight (civil service, parliament, and the public) can make sure the problem is not just fixed but lessons are learnt.
2) Small companies, where the ICO decides that the company, and the public, are best served by the company mending its ways, and a fine is not the way to force them.
Reprimands should never be used for large commercial companies who have made a clear breach. Those companies can afford to take advice and do audits and must be incentivised to beef up their internal systems and processes to make sure they not just take external advice but act on it.
If the company took advice but decided to go against it then there should be legal action against the directors personally.