Story image

Fines for UK data privacy issues surged 29% in 2017 - what will GDPR bring?

23 May 18

Data protection is a prominent topic in IT circles at the moment, as recent statistics from PwC can attest.

Last year 91 enforcement actions for breaches of current data protection laws were taken by the Information Commissioner’s Office (ICO) in the UK alone, with 54 monetary policies issued to UK organisations to reach the grand sum of £4,207,500.

This is a significant amount not only because of its sheer size but also because of the fact it represents an increase of nearly a million pounds over the previous year.

And now with GDPR – the biggest change to data protection law for more than 20 years – literally hours away, one can only imagine what 2018 will hold with the threat of significantly larger fines.

PwC analysed the UK ICO data protection enforcement actions over the past four years as part of its global Privacy & Security Enforcement Tracker to determine monetary penalties, enforcement notices, prosecutions and undertaking.

“Our analysis found that almost half of last year’s UK data protection enforcement actions were due to marketing infringements, but security breaches and misusing data for profiling purposes also continued to appear as substantial causes of failure,” says PwC lead partner for GDPR and data protection Stewart Room.

“These are key areas for organisations to be mindful of as we move into this new era for data protection.”

Currently, the ICO can issue monetary penalties of up to £500,000 and in 2017 just 14 of the 54 fines issued were of more than £100,000. It’s certainly not a small fine, but it looks tiny when compared to the ammunition GDPR will bring where fines for failing to comply can be up to four percent of global turnover or €20 million, whatever is higher.

“The ICO has made it clear, however, that the GDPR is not about the increased fines and the maximum certainly won’t be the norm,” says Room.

“It’s really about putting consumer rights at the heart of today’s data-centred world. There’s an option for organisations here: simply see GDPR as a compliance exercise or embrace it and use it as an opportunity to get ahead of your competitors and win consumer trust.”

Room says GDPR’s imminent arrival has seen broad changes globally, which is encouraging.

“At Board tables all over the world we are hearing a refreshing new regard for personal data and in that sense, the GDPR has already been a great success,” says Room.

“Findings from our GDPR Readiness Assessments, which we’ve run with over 220 clients globally over the last two years, show that, in general, highly regulated sectors such as healthcare and financial services, which are used to dealing with regulatory change, tend to have a slight margin over others in terms of preparedness.”

However, despite these Room’s positive sentiments PwC believes that despite the two years of preparation time, many organisations still won’t be fully compliant due to its sheer complexity and the widespread business process changes often required.

If that’s the case, bring on the fines.

ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Exclusive: Okta’s new GM shares its APAC strategy
“We believe that partnering with systems integrators, independent software vendors and consulting companies is a key factor of success for Okta.”
Three access management trends making waves in APAC
Consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.
Combatting the rise of Cybercrime-as-a-Service
Amateur cybercriminals (or anyone with a grudge), can execute spam attacks, steal people’s identities, and more. 
ThreatQuotient partners with Visa for payments safety
“Cyber criminals are reusing tactics, techniques and procedures, leaving a recognisable trail of breadcrumbs and insights into the very attacks they are launching.”