UK companies incur data breach fines of £3.2 million
Breaches of UK data protection laws during 2016 incurred 35 fines, reaching a total of £3.2 million, which is almost double the 2015 total.
The findings come from consultancy firm PwC, which analysed the UK Information Commissioner’s Office (ICO) data protection enforcement actions over the past five years.
According to PwC, UK companies will face even higher fines if they fail to comply with the upcoming General Data Protection Regulation (GDPR).
The 2016 analysis found that 23 enforcement notices – which require organisations to take steps to ensure compliance after a data breach – were issued that year. That was a 155 per cent increase on the nine notices issued in 2015.
PwC also revealed that the UK was one of the most active regions for regulatory enforcement action in Europe last year. However, the firm added that while Europe has generally seen comparatively low volumes of regulatory enforcement actions, with low-level financial penalties, the US saw fines of approximately $250 million (£198 million) served.
According to PwC’s recent CEO Survey, 90 per cent of chief executives around the world believe breaches of data privacy and ethics will have a negative impact on stakeholder trust. This means that companies should prioritise the issue before the GDPR becomes law on May 25th 2018 across the EU.
Organisations that fail to comply with it will face penalties of up to four per cent of global turnover or €20m, whichever is higher.
Stewart Room, PwC’s global cyber security and data protection legal services leader, said: “The ICO can currently issue fines up to £500,000, but with this set to increase to up to four per cent of global turnover under the new regulation, UK organisations must use the remaining time to prepare for GDPR compliance before May next year.”