Existing law is rarely enforced in the UK. Just look at the farce that was the Google/NHS trials if you want one example, or the ICO's failure to act when 3UK proposed giving Shine/Rainbow the browsing habits of their customers.
Huge fines have already been available for quite some time but the ICO seems to prefer using their toothless 'undertakings', and even getting that far seems to take an inordinate amount of effort.
As for criminal offences, it might be worth remembering that the City of London Police were wined and dined by the very people that happened to be the subject of one of their investigations (Phorm) before conveniently closing it without prosecuting anybody.
Forgive me if I fail to see anything changing any time soon.
Why should those flouting the rules now be any more less confident about breaking them when GDPR/data protection bill comes into force? The price of avoiding justice seems to be little more than that of a good meal. We also have a regulator so keen to avoid enforcement that it's difficult to stop from asking ourselves why we should bother with them.
P.S. 'cmomitting'?
Biting the hand that feeds IT
