35 UK firms served monetary penalties for breaching privacy laws in 2016

US firm pays $115mn as data breach settlement; UK firms totalled £3.2mn last year

The number of UK firms fined by the Information Commissioner’s Office for breaching data protection laws doubled to 35 in 2016.

The ICO imposed financial penalties of £3.2m on 35 UK firms for breaching existing data protection laws last year.

According to a recent PwC analysis, the number of UK firms fined by the Information Commissioner’s Office for breaching data protection laws doubled from 18 in 2015 to 35 in 2016, making the UK one of the most active regions for regulatory enforcement action in Europe. The ICO also issued as many as 23 enforcement notices against erring firms in the same period, up from only 9 in 2015.

Under the Data Protection Act, companies are liable to pay fines of up to £500,000 for breaching privacy rules. However, the fines are expected to go up significantly when GDPR replaces the DPA next year. The GDPR will impose maximum fines equivalent to 4% of a company’s global turnover or £20 million, whichever is higher.

Because of the low volume of fines imposed under existing laws, the UK lags significantly behind the United States, where fines of up to $250m were served on erring firms in 2016. Within Europe, however, only Italy exceeded the UK in the volume of fines served last year.

“The ICO can currently issue fines up to £500,000, but with this set to increase to up to 4% of global turnover under the new regulation, UK organisations must use the remaining time to prepare for GDPR compliance before May next year,” said Stewart Room, PwC’s global cyber security and data protection legal services leader.

“We’ve performed more than 150 GDPR readiness assessments with our clients around the world. Many struggle to know where to start with their preparations, but also how to move programmes beyond just risk reviews and data analysis to delivering real operational change.

“It’s impossible to ignore the impact of the legal and regulatory change in this area in recent years. The GDPR has already been a force for good by bringing the issue to much wider attention. After all, who can argue against what is essentially a code for good business, where privacy by design becomes part of everyday operations?” he added.

According to the PwC analysis, monetary fines imposed by the ICO on erring UK firms previously peaked at £2.3m in 2013 before falling to £1.5m in 2014 and £2m in 2015. In 2011, the ICO had imposed fines of only £541,000.

While the number of monetary penalties served by the ICO rose from 18 to 35 between 2015 and 2016, prosecutions rose from 11 to 16, enforcement notices from 9 to 23 and undertakings from 25 to 30 in the same period. Unless companies change their existing practices to fully comply with GDPR rules once the legislation comes into effect, the number of fines and enforcement notices served by the ICO will rise to much higher levels from next year.

Copyright Lyonsdown Limited 2021
