Update on GDPR Fines

According to research carried out by Reynolds Porter Chamberlain, average fines from the Information Commissioner’s Office (ICO) rose from £73,000 in the year ending September 2017 to £146,000 in the year ending September 2018. The total value of fines increased by a huge 24% to £4.98m (up from £4m the year before).

The rise in fines is due largely to the introduction of new, stiffer penalties under the General Data Protection Regulation (GDPR) regime, which was introduced in May 2018. Under this regime, potential fines have significantly increased to €20m or 4% of annual global turnover (whichever is higher). The ICO’s penalties were previously capped at £500,000.

The ICO has said that it will not suddenly start imposing huge fines. However, with the cap gone, the risk to businesses of a significant fine for data protection breaches is a real one, and businesses are being urged to invest in compliance. Amongst those businesses already issued with fines is Carphone Warehouse, which faced a fine of £400,000 in January 2018 for failing to adequately protect the data of customers and employees from a cyber attack in 2015.