The UK data protection regulator, the Information Commissioner, has published statutory guidance on how it will use its new power to impose fines of up to £500,000. The new power is likely to come into force on 6 April 2010. The new fining powers will apply to all data controllers in the UK, including banks and other financial services institutions, and mark a substantial strengthening of the current enforcement powers. UK data protection enforcement risk is about to undergo its biggest change ever, as currently the ICO powers are limited to issuing enforcement notices and powers of entry and inspection. Christopher Graham, the new Information Commissioner, has already stated that the ICO "will not be a toothless bulldog" and "will come down hard if you get it wrong".