GDPR Appeals

GDPR gives you the right to appeal ICO penalties after a databreach.

Today, companies failing to comply with this legislation may be investigated, fined or held liable for any damages. If your company faces ICO penalties regarding a GDPR breach, you may wish to appeal or build a defence. Contact us today on 0333 200 5859

Our solicitors can help you appeal cases of GDPR breaches

The legal specialists at DPP GDPR have provided assistance in a great many data protection appeals. We can help you to:

  • Prove your compliance with GDPR if this is questioned by the ICO
  • Provide evidence that any data breach was not a result of negligence on your part
  • Prepare an appeal against any decision by the ICO or tribunal
  • Have any penalty commuted to a lesser one
  • Build a strong defence, then represent you at any tribunal

Contact DPP GDPR today on 0333 200 5859 for help appealing an ICO decision.

What can I appeal against?

You can appeal any decision made against you following an investigation by the ICO, including decisions to:

  • Request information from you
  • Investigate or assess your practices
  • Enforce any changes, bans or restrictions related to your business
  • Serve you with a penalty or penalty variation notice

What does a breach of GDPR appeal involve?

There is a notice of appeal form available from that can be used to fight the above decisions.

It is important to enclose supporting documents with the form, including dates, relevant notices from the ICO and your replies.

You can email this to [email protected] or post it to General Regulatory Chamber, HM Courts & Tribunals Service, PO Box 9300, Leicester, LE1 8DJ.

When should I appeal?

If you’re appealing a decision related to an ICO investigation, you have 28 days to appeal from the date you are notified of that decision.

You may ask for more time if you have a valid reason for appealing late.

What are the steps in a GDPR appeal

You’ll receive a response regarding your appeal within 28 days. After that, you’ll still have 14 days to respond and provide further evidence.

You’ll be able to choose whether your appeal is decided through the exchange of documents alone or at a tribunal.

Once a decision is made, you’ll be informed within 4 weeks. You may then appeal to an upper tribunal if you disagree with that decision.

If you then wish to appeal against the decision of the upper tribunal, your case will be heard in the court of appeal.

What does a tribunal involve?

If you are to attend a tribunal, your case will be dealt with independently in the General Regulatory Chamber.

The tribunal will take into account evidence and information from both sides, then come to a decision.

The hearing will be presided over by a judge, and two other tribunal members may also attend. There will also be an ICO representative present, and you may bring a legal representative to make your case.

Our GDPR solicitors can also advise you on:

  • Technology law
  • General contract law
  • GDPR compliance
  • Dealing with Data Breaches
  • GDPR Audits

Who are the ICO?

ICO stands for the Information Commissioner’s Office. This is the official body that regulates and oversees GDPR compliance in the UK.

If you are blamed for a breach of GDPR or any supporting regulations under the Data Protection Act 2018, the ICO will investigate these claims.

If it is found that your company was at fault, you may face:

  • In-depth audits and investigations
  • Attendance at a tribunal
  • Official warnings
  • Temporary or permanent restrictions or bans relating to the collection, processing or sharing of data
  • Orders to make significant changes to your processes
  • Restrictions on your permission to process particular types of data or share it with third parties or overseas
  • Fines (for a less serious breach these could reach 2% of your annual revenue or €10 million – whichever is greater. For a severe breach, you may have to pay up to 4% of your annual revenue or €20 million)
  • Prosecution

Under what circumstances can you appeal to ICO?

You may appeal if you feel you have been wrongly:

  • Asked for information
  • Made the subject of an investigation or assessment
  • Ordered to change your practices
  • Banned or restricted from certain activities
  • Fined
  • Prosecuted

Frequently Asked Questions

How many days do you have to appeal a GDPR penalty charge?

You can appeal within 28 days of receiving notice of a penalty. You may be permitted to extend this under certain circumstances.

What does it cost to appeal against the ICO’s decision?

It is free to appeal any decision of this kind.

What happens when the ICO’s decision is appealed?

If the appeal is granted, you may decide to attend a tribunal or resolve the case through correspondence and exchange of evidence. If you disagree with the decision, you can take the case to the upper tribunal and then – if necessary – the court of appeal.

Your appeal may result in no change, the commutation of your penalty or your penalty being overturned.

For further help regarding GDPR or legal advice related to any breach of data protection, contact our data protection solicitors on 0333 200 5859.

Call now 0333 200 5859