The UK's Information Commissioner, Elizabeth Denham, recently recommended at a Parliamentary meeting to discuss the draft Digital Economy Bill, that the government should hold company directors with personal liability and accountability for data breaches.
Under current laws, directors of companies generally have no personal liability or accountability for breaches of data protection law committed by their companies.
Denham claimed that the ICO issued a total of £4 million in fines in the last year, and only collected a small percentage of that sum. This is down to companies who had committed serious breaches of data protection law would shut down following the fine, quickly re-opening with the same management, staff and premises only with a new corporate identity.
The ICO recently imposed a fine of £400,000 on UK ISP TalkTalk, which was its largest fine ever for a breach of data protection law. With the General Data Protection Regulation's honeymoon period ending on the 25 May 2018, it will give the ICO the power to impose fines of up to the greater sum of €20 million or 4 percent of worldwide turnover.