Posted on June 7, 2017 by staff

Data protection fines in UK almost double to £3.2m


The number of fines for breaching UK data protection laws almost doubled in 2016, making it ‘one of the most active regions for regulatory enforcement action in Europe’.

According to PwC, incidents attracted thirty-five penalties totalling more than £3.2m, and enforcement notices rose by 155 per cent.

With just under a year to go until the biggest change in privacy laws for over 20 years, organisations risk even larger fines if they fail to comply with the General Data Protection Regulation (GDPR).

Italy ranked closely behind the UK, dishing out €3.3m of fines.

But analysis of data protection actions over the past five years showed enforcement in Europe was low compared to the US, where fines of approximately $250m were served.

Stewart Room, PwC’s global cyber security and data protection legal services leader, said: “The ICO can currently issue fines up to £500,000, but with this set to increase… UK organisations must use the remaining time to prepare for GDPR compliance before May next year.

“We’ve performed more than 150 GDPR readiness assessments with our clients around the world.

“Many struggle to know where to start with their preparations, but also how to move programmes beyond just risk reviews and data analysis to delivering real operational change.

“It’s impossible to ignore the impact of legal and regulatory change in this area in recent years. The GDPR has already been a force for good by bringing the issue to much wider attention.

“After all, who can argue against what is essentially a code for good business, where privacy by design becomes part of everyday operations?”

PwC’s recent CEO Survey found 90 per cent of CEOs around the world believe breaches of data privacy and ethics will have a negative impact on stakeholder trust.

GDPR becomes law from May 2018 across the EU.

From then on, a variety of new compliance obligations will be imposed, including new rules about breach disclosure, data portability, and data use consent.

Organisations that fail to comply could face penalties of up to 4 per cent of global turnover or €20m, whichever is higher.