Story image

Fines for UK data privacy issues surged 29% in 2017 - what will GDPR bring?

23 May 18

Data protection is a prominent topic in IT circles at the moment, as recent statistics from PwC can attest.

Last year 91 enforcement actions for breaches of current data protection laws were taken by the Information Commissioner’s Office (ICO) in the UK alone, with 54 monetary policies issued to UK organisations to reach the grand sum of £4,207,500.

This is a significant amount not only because of its sheer size but also because of the fact it represents an increase of nearly a million pounds over the previous year.

And now with GDPR – the biggest change to data protection law for more than 20 years – literally hours away, one can only imagine what 2018 will hold with the threat of significantly larger fines.

PwC analysed the UK ICO data protection enforcement actions over the past four years as part of its global Privacy & Security Enforcement Tracker to determine monetary penalties, enforcement notices, prosecutions and undertaking.

“Our analysis found that almost half of last year’s UK data protection enforcement actions were due to marketing infringements, but security breaches and misusing data for profiling purposes also continued to appear as substantial causes of failure,” says PwC lead partner for GDPR and data protection Stewart Room.

“These are key areas for organisations to be mindful of as we move into this new era for data protection.”

Currently, the ICO can issue monetary penalties of up to £500,000 and in 2017 just 14 of the 54 fines issued were of more than £100,000. It’s certainly not a small fine, but it looks tiny when compared to the ammunition GDPR will bring where fines for failing to comply can be up to four percent of global turnover or €20 million, whatever is higher.

“The ICO has made it clear, however, that the GDPR is not about the increased fines and the maximum certainly won’t be the norm,” says Room.

“It’s really about putting consumer rights at the heart of today’s data-centred world. There’s an option for organisations here: simply see GDPR as a compliance exercise or embrace it and use it as an opportunity to get ahead of your competitors and win consumer trust.”

Room says GDPR’s imminent arrival has seen broad changes globally, which is encouraging.

“At Board tables all over the world we are hearing a refreshing new regard for personal data and in that sense, the GDPR has already been a great success,” says Room.

“Findings from our GDPR Readiness Assessments, which we’ve run with over 220 clients globally over the last two years, show that, in general, highly regulated sectors such as healthcare and financial services, which are used to dealing with regulatory change, tend to have a slight margin over others in terms of preparedness.”

However, despite these Room’s positive sentiments PwC believes that despite the two years of preparation time, many organisations still won’t be fully compliant due to its sheer complexity and the widespread business process changes often required.

If that’s the case, bring on the fines.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.