The fourth annual PwC Privacy and Security Enforcement Tracker has been released and reveals that the Information Commissioner's Office (ICO) issued over £4m in fines to UK organizations for data protection infringements.
This is an increase of £1m on the overall value of fines imposed in 2016. In total, 54 fines were issued to UK organizations for breaches, again a significant increase from the 35 imposed in 2016. The charity sector suffered the most, with 11 monetary penalty notices imposed by the ICO, equating to 20% of the UK total.
The report analyzed the key regulatory enforcement cases in the UK and found that almost half of last year's UK data protection enforcement actions were due to marketing infringements, and more specifically telephone marketing. It also found that security breaches and the misuse of data for profiling purposes continued to be substantial causes of failure.
With the European General Data Protection Regulation (GDPR) approaching, now is the time for organizations to get their security and data protection initiatives in order and operational. Currently, the ICO has the power to fine up to £500,000, although since its inception it has never issued the maximum penalty. Under GDPR, the ICO will be given greater authority, with fines raised to up to £17m or 4% of the organization's global turnover, whichever is greater. Fines can also be issued if businesses fail to meet GDPR compliance requirements, which include declaring a data breach or incident within 72 hours.
What is worrying is that many companies are nowhere near GDPR-ready, with some even admitting that they haven't heard of the new regulation. If this is the case, the ICO could have a busy start to life under GDPR.
Protecting data has never been more important, and while there is bound to be a teething period with the new regulation, companies need to ensure that they are taking compliance seriously, and not just for compliance's sake. By embracing the new rules and the best practice set out in the GDPR, organizations will have happier, better-protected customers and will save themselves from fines and scrutiny.
Article Source: InfoSecurity-Magazine.com