ICO Fines to explode under GDPR

The fines given last year by the ICO would be 79 times higher if the General Data Protection Regulation (GDPR) had been in effect, according to a new report.

By Joe Clark

The new analysis, from the NCC Group, found that the £880,500 in fines given to British companies in 2016 would equate to £69 million under GDPR. Similarly, the £1 million in fines given in 2015 would amount to £35 million.

GDPR is designed to protect the privacy of European citizens and applies to every business that collects personal data on citizens of the European Union. The law comes into effect on the 25th of May 2018.


Roger Rawlinson, managing director of NCC Group’s assurance division, told The Register: “GDPR isn’t just about financial penalties, but this analysis is a reminder that there will be significant commercial impacts for organisations that fall foul of the regulations.

“Businesses should have already started preparations for GDPR by now. Most organisations will have to fundamentally change the way they organise, manage and protect data. A shift of this size will need buy-in from the board.”

Currently the ICO can issue fines of up to £500,000 for failing to comply with the 1998 Data Protection Act.

However, fines under GDPR will be given for failing to protect citizens’ data. The EU has stated that fines could be in the range of €20 million or 4% of total worldwide annual turnover, meaning larger companies could potentially face billions of dollars in fines.

In 2016 one of the largest fines given by the ICO was to TalkTalk, for failing to protect the personal data of 160,000 customers. For this they were charged £400,000. Under GDPR this would have risen to an enormous £59 million.

Online pharmacy company Pharmacy2U was also fined £130,000 for selling customer information to marketing campaigns without obtaining consent. If GDPR had been in effect this amount would have been in the region of £4.4m.

These increases in fines have caused some smaller businesses to worry that GDPR could put them out of business.

