New research has highlighted the risks to companies of breaching data protection regulations, after 35 fines totalling £3,245,500 were imposed in 2016 – almost double the total in 2015.
This risk is likely to increase in the future, says PwC, with the introduction of the General Data Protection Regulation (GDPR) in just under a year’s time.
PwC analysed data protection enforcement action taken by the UK Information Commissioner’s Office over the past five years, specifically looking at monetary penalties, enforcement notices, prosecutions and legal undertakings. The analysis found that 23 enforcement notices – which require an organisation to take specified steps to bring itself into compliance after a breach – were issued in 2016, a 155% increase on the nine notices issued in 2015.
The UK was apparently one of the most active regions for regulatory enforcement action in Europe last year, along with Italy (€3.3m). The European pattern of comparatively few enforcement actions with low-level financial penalties is in stark contrast to the US, where fines of approximately $250m were served.
PwC’s recent CEO Survey found that 90% of CEOs around the world believe breaches of data privacy and ethics will have a negative impact on stakeholder trust, so the time to put this at the top of the agenda is now, before the GDPR begins to apply across the EU from 25 May 2018. From then on, a variety of new compliance obligations will be imposed, including new rules on breach notification, data portability and consent to data use. Organisations that fail to comply could face penalties of up to 4% of global annual turnover or €20m, whichever is higher.
For expert legal advice on these issues, or on other areas of business regulation, contact our specialist commercial lawyers today.