This article is more than 1 year old

UK trigger-happy over fines for data breaches compared with Europe

Penalties double, but it's nothing next to GDPR

The UK is among the most fined nations in Europe for data protection breaches, doubling the amount of penalties to £3.2m (€3.6m) during 2016.

According to an analysis by mega consultancy firm PwC, breaches of UK data protection laws last year were followed by 35 fines.

It found that the UK Information Commissioner's Office (ICO) also issued 23 enforcement notices in 2016 – a 155 per cent increase on the nine sent in 2015.

Italy is the only other country in Europe to hand out comparable fines.

The ICO has previously been criticised for not fining companies more. The highest fines it has so far issued are of £400,000 to Keurboom and TalkTalk. The maximum penalty currently permitted under the Data Protection act is £500,000.

However, under the the General Data Protection Regulation, which will come into force in May 2018, the penalties for a data breach will either be €20m (£17m) or 4 per cent of global annual revenue, whichever is highest.

Last week, Information Commissioner Elizabeth Denham warned that companies are unprepared for GDPR and some small businesses "might not even know" a new regime is looming.

Stewart Room, PwC's global cybersecurity bod, welcomed GDPR as a "force for good" by bringing the issue to much wider attention – no doubt while rubbing his hands together. "After all, who can argue against what is essentially a code for good business, where privacy by design becomes part of everyday operations?"

And if PwC just happens to drum up a nice bit of consultancy business over the changes, well, who can argue against that either? ®

More about


Send us news

Other stories you might like