Menu
Compliance Compendium
  • Back to Home
  • Blog
Compliance Compendium
gdpr-thats-fine

GDPR that’s fine!

Posted on January 14, 2019January 22, 2019

GDPR, that’s fine!

Before 25th May 2018 many companies were unsure how the GDPR legislation (actually called the UK Data Protection Act 2018 – aka UK DPA 2018) would affect their business practices. In the run-up to the legislation, the headlines focused on the potential for eye-watering fines for non-compliance (of up to 4% of global annual turnover).

Many commentators seem to feel that fines levied by the UK Information Commissioners Office (ICO) to date have been small in comparison to expectation. Part of that has been because what should have been headline-grabbing fines ended up being much lower because the companies involved were fined under the 1998 version of the Data Protection Act. The second reason is that the ICO has given companies time to get their houses in order. Thirdly, the ICO is not a large organisation so they have had to target their resources on other matters before training their sights on likely offenders. Finally, the ICO says that they want people to comply rather than handing out fines.

Regarding recent fines, if you do the sums (and it doesn’t appear that anyone else has) then what actually happened is that fines increased by nearly 90% in 2018 over 2017.

So, we can only expect fines to increase further as the ICO gain resources as it will be free of the distraction of revamping its information to incorporate DPA 2018. 2019 will be the year that we start to see the GDPR legislation taking a firm hold and fines increase in both volume and value. The largest fine we might see in 2019 could be as a result of the Marriott Hotels Starwood Guest Reservation System data breach. Marriott has already tried to manoeuvre their way into being considered under the older less punitive legislation by saying that this was a long-term breach. Nice try, but I think the ICO will be looking to increase their Marriott Rewards.

2019 will also be the year of an increase in lower key fines. Think of a speeding ticket analogy. These will not grab the headlines in value but volume should increase as the ICO get used to issuing fines. Even though they would rather not issue any…

 

Year Enforcements Value Increase
2015 19 £2,186,250
2016 31 £2,979,000 36.26%
2017 52 £3,977,500 33.52%
2018 37 £7,543,500 89.65%

Source UK Information Commissioners Office

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

©2026 Compliance Compendium | Powered by SuperbThemes & WordPress