The warning came from the Information Commissioner’s Office (ICO) after Buckinghamshire housing developer Magnacrest was fined by Westminster Magistrates for breaching data protection laws.
Magnacrest pleaded guilty to a charge of failing to comply with an enforcement notice when it appeared before Westminster Magistrates on 6 February 2019.
The company was fined £300, with a £30 victim surcharge, and was ordered to pay £1,133.75 towards prosecution costs.
The court heard that an individual had submitted a subject access request on 17 April 2017.
A subject access request, or SAR, allows someone to request all the personal information an organisation holds about them. However, Magnacrest failed to provide the information within the required timescale of 40 calendar days and the individual complained to the ICO.
Mike Shaw, the ICO’s criminal enforcement manager, said that the right to access your own personal information is a fundamental and long-standing principle of data protection law.
He added: “New laws brought into effect last May strengthen those rights even further.
“Organisations not only have to respect this right but must also respect notices from the ICO enforcing the law. If they fail to do so then they must accept the consequences, which can include a criminal prosecution.”