The UK ranked second when it came to the total value of GDPR (General Data Protection Regulation) fines issued by the different data protection regulators in Europe last year. That is according to a new report by financial experts Finbold. The findings show that while Italy tops the list with the highest fines for cyber incidents at €58.16 million, this was shared between 34 violations. The UK accounts for €43.9 million in penalties, but only from three violations.
The UK’s biggest fine was issued against British Airways (€22.04 million) for a breach that happened in 2018. This was also the third-highest fine in Europe.
The UK is still bound by the GDPR, despite leaving the EU.
Commenting on the findings, Kingsley Hayes, head of data breach at Keller Postman UK, said:
“After a slow start following the implementation of the GDPR two years ago, the various European regulators are now getting serious about big data breaches. In this period, privacy violations have rarely been out of the headlines, so today it is unlikely that any organisation would get away with pleading ignorance when it comes to the importance of data protection.
“However, it is not yet proven that large organisations appreciate the need to enact better data security measures. Indeed, earlier this month it was revealed that T-Mobile had suffered its fourth hack in less than three years. So, claims that companies ‘take the security of your information very seriously’ are not always proving to be true. It is good news for consumers that the ICO, and other European regulators, are showing a willingness to issue substantial financial penalties against companies that do not protect consumer data.”
Matthew Evans, expert data breach lawyer at Keller Postman UK, added:
“Following the British Airways fine in 2020, it was clear that the ICO penalty reflected the serious nature of the data breach and demonstrated to all how seriously they should take and follow GDPR rules and guidelines. Indeed, while the original fine was reduced from £183 million – partly because of the economic impact of Covid-19 on BA – this was still the largest fine ever imposed by the ICO.
“Today, investing in up-to-date, robust security systems and putting in place risk management practices such as cyber-attack simulations must be introduced by all organisations handling large amounts of personal data. Equally, they should have in place a rapid written response to such attacks. If not, we are only going to see more and more sizeable fines issued by the regulators over the next few years. Furthermore, when you consider the financial impact of data breach compensation on top of these fines, large-scale breaches could prove to be very costly indeed.”
In our regular update, we provide a roundup of some of the data breaches and… Read More
We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More
The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More
We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More
The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More
We have launched a group action against Capita. Group actions can be a powerful tool… Read More