UK data privacy breach fines soar to over £3m in 2016

The number of fines handed out for breaking UK data protection laws almost doubled last year, making Britain one of the most active regions for regulatory enforcement across Europe.

According to figures from the UK’s Information Commissioner’s Office (ICO) analysed by professional services firm PwC, fines for data protection breaches hit over £3.2m in 2016, putting the UK on par with Italy, where fines totaled £3.3m, but dramatically below the US where fines of approximately $250m (£195m) were served.

A recent PwC survey found that 90 per cent of chief executive officers globally believe breaches of data privacy and ethics have a negative impact on stakeholder trust, and PwC warned that ahead of new regulation coming into force next year it was therefore paramount that businesses prioritise security and privacy.

Last Thursday marked a year until the General Data Protection Regulation (GDPR) comes into effect. Non-compliance penalties could lead to fines of up to €20m (£17.5m) or 4 per cent of a company’s global annual turnover.

“We’ve performed more than 150 GDPR readiness assessments with our clients around the world. Many struggle to know where to start with their preparations, but also how to move programmes beyond just risk reviews and data analysis to delivering real operational change,” said Stewart Room, PwC’s global cyber security and data protection legal services leader.

He said that the ICO can currently issue fines of up to £500,000, but considering how big the fines will be for not complying with GDPR, it is important that UK organisations use the coming months to prepare.

In 2016, 35 fines were served for breaking data protection laws in the UK, compared to 18 in 2015 for a total of just over £2m. That already represented a sharp increase from the £1.2m issued in 2014.