Support Centre

Isle of Man: Commissioner imposes first administrative fine under the Applied GDPR

The Information Commissioner ('the Commissioner') announced, on 25 June 2020, that it had issued a penalty notice, fining the Department of Home Affairs ('the Department') £12,250, as the first administrative fine under the Applied General Data Protection Regulation (Regulation (EU) 2016/679) ('Applied GDPR'). In particular, the Commissioner highlighted that the fine is a result of the Department's failure to comply with the right of access to personal data in accordance with Articles 12 and 15 of the Applied GDPR and its failure to comply with an extant enforcement notice issued under Section 36 of the Data Protection Act 2002 ('the Act') in respect of compliance with the right of access to personal data provided under that Act. In addition, the Commissioner outlined that, in regard to the right of access, controllers are obliged to facilitate requests for access to personal data, take action on requests without undue delay and comply with the request within one month of receipt, and provide the data subject with a copy of the personal data undergoing processing at the time the request was received.

You can read the press release here, the enforcement notice here, and the penalty notice here.