
Fines for UK data privacy issues surged 29% in 2017 - what will GDPR bring?

23 May 2018

Data protection is a prominent topic in IT circles at the moment, as recent statistics from PwC can attest.

Last year 91 enforcement actions for breaches of current data protection laws were taken by the Information Commissioner’s Office (ICO) in the UK alone, with 54 monetary penalties issued to UK organisations to reach the grand sum of £4,207,500.

This is a significant amount not only because of its sheer size but also because it represents an increase of nearly a million pounds over the previous year.

And now with GDPR – the biggest change to data protection law for more than 20 years – literally hours away, one can only imagine what 2018 will hold with the threat of significantly larger fines.

PwC analysed the UK ICO data protection enforcement actions over the past four years as part of its global Privacy & Security Enforcement Tracker to determine monetary penalties, enforcement notices, prosecutions and undertakings.

“Our analysis found that almost half of last year’s UK data protection enforcement actions were due to marketing infringements, but security breaches and misusing data for profiling purposes also continued to appear as substantial causes of failure,” says PwC lead partner for GDPR and data protection Stewart Room.

“These are key areas for organisations to be mindful of as we move into this new era for data protection.”

Currently, the ICO can issue monetary penalties of up to £500,000 and in 2017 just 14 of the 54 fines issued were of more than £100,000. It’s certainly not a small fine, but it looks tiny when compared to the ammunition GDPR will bring, where fines for failing to comply can be up to four percent of global turnover or €20 million, whichever is higher.

“The ICO has made it clear, however, that the GDPR is not about the increased fines and the maximum certainly won’t be the norm,” says Room.

“It’s really about putting consumer rights at the heart of today’s data-centred world. There’s an option for organisations here: simply see GDPR as a compliance exercise or embrace it and use it as an opportunity to get ahead of your competitors and win consumer trust.”

Room says GDPR’s imminent arrival has seen broad changes globally, which is encouraging.

“At Board tables all over the world we are hearing a refreshing new regard for personal data and in that sense, the GDPR has already been a great success,” says Room.

“Findings from our GDPR Readiness Assessments, which we’ve run with over 220 clients globally over the last two years, show that, in general, highly regulated sectors such as healthcare and financial services, which are used to dealing with regulatory change, tend to have a slight margin over others in terms of preparedness.”

However, despite Room’s positive sentiments, PwC believes that, even with two years of preparation time, many organisations still won’t be fully compliant due to GDPR’s sheer complexity and the widespread business process changes often required.

If that’s the case, bring on the fines.
