Wow, an actual fine!
I'm amazed to see this happen, especially to a government agency. As I posted in the past day in another ICO-related article:
ICO are a complete waste of space
Just received the final response from ICO on a case I raised about 6 months ago.
Once again whilst the ICO indicated that they agree the government agency did not comply with GDPR and PECR the case is now closed with their usual waffle along the lines of them telling the agency to ensure staff attend mandatory training annually and that the agency's policies and procedures must be updated to reflect GDPR.
This for a complaint that was specifically regarding the agency's Data Protection Officer failing to adequately perform their duties (as defined in GDPR) and of their DPO failing to get actively involved in my original direct complaint to the agency (at the time the agency's DPO simply passed my complaint on to the "relevant team", did not get involved in the issue at all, and did not even acknowledge receipt of my complaint). The DPO even had the audacity to claim that PECR was nothing to do with them as their DPO duties only covered GDPR compliance.
For the various cases I've raised with ICO over the past couple of years the ICO has yet to take *any* significant action as a result of any of the complaints, even when they agree, for the majority of these cases, that GDPR/PECR has been broken.
Biting the hand that feeds IT
