Fines Increase & Enforcements Fall in First Year of GDPR
May 31, 2019
CCME (4607 articles)
Share

Fines Increase & Enforcements Fall in First Year of GDPR

Data protection monetary penalties have increased by GBP2m in the past year, while the number of enforcements issued fell by more than 20 from the number issued in 2017.

According to PwC‘s 2018 Privacy & Security Enforcement Tracker, monetary penalties issued to UK organizations for breaching data protection laws in the calendar year 2018 totaled more than GBP6.5m in 2018, over GBP2m more than the previous year.

The data also showed that while the total sum of fines has increased, the number of enforcements issued fell to 67 in 2018, from 91 in 2017.

After we marked a year since the deadline for GDPR compliance, the data also showed that private sector companies accounted for 86% of the enforcements, but scrutiny remains on the public sector given the sensitive nature of the data it handles. Also, a quarter (25%) of enforcement actions relate to personal data security breaches.

Stewart Room, lead partner for GDPR and data protection at PwC, said that the trend of enforcement remained constant in comparison with previous years, with marketing and security infringements dominating the regulatory agenda.

“The absence of any GDPR fines in 2018 was not surprising, as it takes many months for cases to work through the system, but we know that they are on their way,” he said. “As well as looking at how to improve their levels of legal compliance, I would encourage organizations to focus on how good approaches to the handling of personal data can help them to deliver on their business purpose, to help and sustain the creation of long term value and trust.”

In an email to Infosecurity, Emma Loveday-Hill, senior associate and data protection specialist at Prettys, said that as monetary penalty notices in the last year were issued under the old legislation (the Data Protection Act 1998), where the maximum fine was GBP500,000, there were still numerous high level fines issued due to the fact that there were a number of serious breaches.

“In terms of the reduction in enforcement notices, this is likely to be due to the fact that the ICO has been busy dealing with the backlog of complaints and issues brought to their attention since the introduction of the GDPR and DPA 2018,” she said.

“Investigations by their very nature take time to carry out, and given the likely number of the complaints and issues raised with the ICO, this has no doubt had an impact on how quickly enforcement notices are handed down.

“Our message is still very much ‘watch this space’ as the ICO are just getting started in terms of what they are doing under the GDPR and Data Protection Act 2018, and going forward we are likely to see a higher number of enforcement notices and fines coming through over the coming months as the ICO makes its goal for 2019 a clear one: breaches of data protection law will be taken seriously and financial penalties will be issued as a result of noncompliance.”

This post Fines Increase & Enforcements Fall in First Year of GDPR originally appeared on InfoSecurity Magazine.

Read More

Related articles

#DTXEurope: Defense Now Far Harder Than Attack, Warns Security Researcher

#DTXEurope: Defense Now Far Harder Than Attack, Warns Security Researcher

#CSASummit: Ten Years of Cloud Brought Risk, Regulations and Reliability

#CSASummit: Ten Years of Cloud Brought Risk, Regulations and Reliability

White Hats Update GandCrab Decryptor to Hasten its End

White Hats Update GandCrab Decryptor to Hasten its End