Number of Data Breach Fines Doubles, Costing UK Organisations £3.2m
In 2015, the UK was one of the most active regions for regulatory data privacy enforcement actions; yet last year there were thirty-five data breach fines, totalling £3,245,500, almost double that of the previous year.
Introduction to GDPR
With significant changes to privacy laws due on 25th May 2018, UK organisations risk increasing fines if they fail to protect themselves from data privacy issues or aren’t compliant with the General Data Protection Regulation (GDPR).
Data reports over the last five years from the UK Information Commissioner’s Office (ICO) on monetary penalties, enforcement notices, prosecutions and legal undertakings reveal that there was a 155% increase in the number of enforcement notices issued from 2015 to 2016. This is despite organisations now being required to follow up with compliance after each data breach.
A recent survey identified that 90% of CEOs globally believe that data breaches will result in a negative impact on the relationships held with stakeholders. Therefore, efforts need to be made to address this before the GDPR becomes law across the EU next May, as new compliance obligations, data breach disclosure rules, data portability and data use consent rules will be introduced. The ICO can currently issue fines of up to £500,000, but the introduction of the GDPR means that organisations that fail to meet these new rules will face higher fines of up to 4% of global turnover or €20 million, whichever is higher.
With these significant data breach changes planned for 2018, organisations need to start preparing now so that they fully understand the changes and protect themselves from increased fines.