The Information Commissioner’s Office (ICO) published a statement on 15th April 2020 on their approach to enforcement and regulation of data protection matters during the Covid-19 pandemic (see link for full details).
The ICO say they recognise that companies have reduced resources during the pandemic which will impact on their ability to comply with all aspects of data protection laws. So they say they will take an empathetic, flexible and pragmatic approach to enforcement and will focus on the most serious data breaches that pose threats to the public.
But, they will take firm action against those trying to exploit the public during the pandemic.
The ICO’s flexible approach will mean fewer investigations, suspending any audits and possibly giving companies longer periods to respond on matters, such as subject access requests or to fix breaches. They’ve also said fines for breaches may be lower if a company can show that the breach was purely due to resource or other constraints during the pandemic… and they may not enforce against companies who fail to pay or renew their ICO registrations (again if it’s solely due to Coronavirus impacts).