Story image

Fines for UK data privacy issues surged 29% in 2017 - what will GDPR bring?

23 May 2018

Data protection is a prominent topic in IT circles at the moment, as recent statistics from PwC can attest.

Last year 91 enforcement actions for breaches of current data protection laws were taken by the Information Commissioner’s Office (ICO) in the UK alone, with 54 monetary policies issued to UK organisations to reach the grand sum of £4,207,500.

This is a significant amount not only because of its sheer size but also because of the fact it represents an increase of nearly a million pounds over the previous year.

And now with GDPR – the biggest change to data protection law for more than 20 years – literally hours away, one can only imagine what 2018 will hold with the threat of significantly larger fines.

PwC analysed the UK ICO data protection enforcement actions over the past four years as part of its global Privacy & Security Enforcement Tracker to determine monetary penalties, enforcement notices, prosecutions and undertaking.

“Our analysis found that almost half of last year’s UK data protection enforcement actions were due to marketing infringements, but security breaches and misusing data for profiling purposes also continued to appear as substantial causes of failure,” says PwC lead partner for GDPR and data protection Stewart Room.

“These are key areas for organisations to be mindful of as we move into this new era for data protection.”

Currently, the ICO can issue monetary penalties of up to £500,000 and in 2017 just 14 of the 54 fines issued were of more than £100,000. It’s certainly not a small fine, but it looks tiny when compared to the ammunition GDPR will bring where fines for failing to comply can be up to four percent of global turnover or €20 million, whatever is higher.

“The ICO has made it clear, however, that the GDPR is not about the increased fines and the maximum certainly won’t be the norm,” says Room.

“It’s really about putting consumer rights at the heart of today’s data-centred world. There’s an option for organisations here: simply see GDPR as a compliance exercise or embrace it and use it as an opportunity to get ahead of your competitors and win consumer trust.”

Room says GDPR’s imminent arrival has seen broad changes globally, which is encouraging.

“At Board tables all over the world we are hearing a refreshing new regard for personal data and in that sense, the GDPR has already been a great success,” says Room.

“Findings from our GDPR Readiness Assessments, which we’ve run with over 220 clients globally over the last two years, show that, in general, highly regulated sectors such as healthcare and financial services, which are used to dealing with regulatory change, tend to have a slight margin over others in terms of preparedness.”

However, despite these Room’s positive sentiments PwC believes that despite the two years of preparation time, many organisations still won’t be fully compliant due to its sheer complexity and the widespread business process changes often required.

If that’s the case, bring on the fines.

Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.