35 UK firms served monetary penalties for breaching privacy laws in 2016

US firm pays $115mn as data breach settlement; UK firms totalled £3.2mn last year

The number of UK firms fined by the Information Commissioner’s Office for breaching data protection laws doubled to 35 in 2016.

The ICO imposed financial penalties of £3.2m on 35 UK firms for breaching existing data protection laws last year.

According to a recent PwC analysis, the number of UK firms fined by the Information Commissioner’s Office for breaching data protection laws doubled from 18 in 2015 to 35 in 2016, making the UK one of the most active regions for regulatory enforcement action in Europe. The ICO also issued as many as 23 enforcement notices against erring firms in the same period. In 2015, the ICO had issued only 9 such enforcement notices.

Under the Data Protection Act, companies can be fined up to £500,000 for breaching privacy rules. However, the fines are expected to go up significantly with GDPR replacing the DPA next year. The GDPR will impose maximum fines equivalent to 4% of a company’s global turnover or £20 million, whichever is higher.

Because of the low volume of fines imposed under existing laws, the UK lags significantly behind the United States where fines of up to $250m were served on erring firms in 2016. However, only Italy bettered the UK in terms of volume of fines served in Europe last year.

“The ICO can currently issue fines up to £500,000, but with this set to increase to up to 4% of global turnover under the new regulation, UK organisations must use the remaining time to prepare for GDPR compliance before May next year,” said Stewart Room, PwC’s global cyber security and data protection legal services leader.

“We’ve performed more than 150 GDPR readiness assessments with our clients around the world. Many struggle to know where to start with their preparations, but also how to move programmes beyond just risk reviews and data analysis to delivering real operational change.

“It’s impossible to ignore the impact of the legal and regulatory change in this area in recent years. The GDPR has already been a force for good by bringing the issue to much wider attention. After all, who can argue against what is essentially a code for good business, where privacy by design becomes part of everyday operations?” he added.

According to the PwC analysis, monetary fines imposed by the ICO on erring UK firms previously peaked at £2.3m in 2013 before coming down to £1.5m in 2014 and £2m in 2015. The ICO had imposed fines of only £541,000 on erring firms in 2011.

While monetary penalties served by the ICO rose from 18 to 35 between 2015 and 2016, prosecutions rose from 11 to 16, enforcement notices rose from 9 to 23 and undertakings rose from 25 to 30 in the same period. Unless companies change their existing practices to fully comply with GDPR rules once the legislation comes into effect, the number of fines and enforcement notices served by the ICO will rise to much higher levels from next year.

Copyright Lyonsdown Limited 2021
