The total value of penalties imposed by the Information Commissioner’s Office (ICO) rose to just under £5 million in the 12 months to the 30th of September 2018, up 24% from £4 million the year before.
The year witnessed a host of significant data breach fines in the UK, including Equifax, which was issued with a maximum £500,000 fine last month, and Carphone Warehouse, which was fined £400,000 for failing to protect customer and employee data adequately.
The introduction of the General Data Protection Regulation (GDPR) is expected to result in higher fines for larger businesses over the medium term. The ICO is likely to hold off on issuing large fines to SMEs, however, as GDPR fines are proportionate to the risk posed by a breach. The regulator has also said it will not make early examples of businesses for minor infringements by issuing large fines.
Under the EU’s General Data Protection Regulation (GDPR), the ICO can impose fines of up to €20m (£17.8m), or four per cent of annual global turnover.
Richard Breavington, Partner at RPC, said: “A doubling in the average size of a fine should serve as a wake-up call to businesses. However, political pressure is mounting.
“Given that there seems to be no slowdown in the number of cyber-attacks today – businesses need to see how they can mitigate the risks to their customers when there is an attack.”
“For example, businesses should ensure that they take out cyber insurance policies so that they can bring in experts to contain the impact of an attack and limit the exfiltration of data.”