
UK data breach fines double to £3.2m as GDPR looms on the horizon

Enforcement notices rose by 155% according to PwC analysis.

By Ellie Burns

Thirty-five fines totalling £3,245,500 were handed out for breaches of UK data protection law – nearly double the total in 2015.

In what should be of real concern to those companies still unprepared for the impending GDPR, there was a staggering 155% increase in the number of data protection enforcement actions issued in 2016.

In 2015 just nine notices were issued, compared to the 23 enforcement notices issued last year. What makes this huge increase even more surprising is the fact that 2016 was the year that organisations were required to take steps to ensure compliance after a data breach, as well as it being the first year in the journey to GDPR compliance.

According to PwC analysis of ICO data protection enforcement actions, the UK was one of the most active regions for regulatory enforcement action in Europe last year, along with Italy (€3.3m). However, the low level of financial penalties seen in Europe sits in stark contrast to the US, where fines of approximately $250m were served.


PwC analysed the UK Information Commissioner’s Office (ICO) data protection enforcement actions over the past five years, specifically looking at monetary penalties, enforcement notices, prosecutions and legal undertakings.

“The ICO can currently issue fines up to £500,000, but with this set to increase to up to 4% of global turnover under the new regulation, UK organisations must use the remaining time to prepare for GDPR compliance before May next year,” said Stewart Room, PwC’s global cyber security and data protection legal services leader.

PwC’s recent CEO Survey found that 90% of CEOs around the world believe breaches of data privacy and ethics will have a negative impact on stakeholder trust, so the time to put this at the top of the agenda is now, before GDPR becomes law on 25 May 2018. From then on, a variety of new compliance obligations will be imposed, including new rules about breach disclosure, data portability and consent to data use. Organisations that fail to comply could face penalties of up to 4% of global turnover or €20m, whichever is higher.

“We’ve performed more than 150 GDPR readiness assessments with our clients around the world. Many struggle to know where to start with their preparations, but also how to move programmes beyond just risk reviews and data analysis to delivering real operational change,” said Mr Room.


“It’s impossible to ignore the impact of legal and regulatory change in this area in recent years. The GDPR has already been a force for good by bringing the issue to much wider attention. After all, who can argue against what is essentially a code for good business, where privacy by design becomes part of everyday operations?”
