The fines given last year by the ICO would be 79 times higher if the General Data Protection Regulation (GDPR) had been in effect, according to a new report.
The new analysis, from the NCC Group, found that the £880,500 in fines given to British companies in 2016 would equate to £69 million under GDPR. Similarly, the £1 million in fines given in 2015 would amount to £35 million.
GDPR is designed to protect the privacy of European citizens and applies to every business that collects personal data on citizens of the European Union. The law comes into effect on 25 May 2018.
Roger Rawlinson, managing director of NCC Group’s assurance division, told The Register: “GDPR isn’t just about financial penalties, but this analysis is a reminder that there will be significant commercial impacts for organisations that fall foul of the regulations.
“Businesses should have already started preparations for GDPR by now. Most organisations will have to fundamentally change the way they organise, manage and protect data. A shift of this size will need buy-in from the board.”
Currently, the ICO can issue fines of up to £500,000 for failing to comply with the 1998 Data Protection Act.
Under GDPR, however, fines will be given for failing to protect citizens’ data. The EU has stated that fines could be in the range of €20 million or 4% of total worldwide annual turnover, meaning larger companies could potentially face billions of dollars in fines.
In 2016, one of the largest fines given by the ICO was to TalkTalk, for failing to protect the personal data of 160,000 customers. For this they were charged £400,000. Under GDPR this would have risen to an enormous £59 million.
The online pharmacy company Pharmacy2U was also fined £130,000 for selling customer information to marketing campaigns without obtaining consent. If GDPR had been in effect, this amount would have been in the region of £4.4m.
These increases in potential fines have caused some smaller businesses to worry that GDPR could put them out of business.