Firms “Must Use Remaining Time” To Prepare For GDPR

The number of firms fined for breaching data protection laws almost doubled in 2016, but new rules launching in May 2018 could see penalties for infringement soar.

PricewaterhouseCoopers (PwC), which published the research, said 35 businesses were fined a total of £3.2 million.

It added that a further 23 enforcement notices (forewarnings that require an organisation to improve compliance) were issued. PwC says this is a 155 per cent year-on-year increase.

However, new rules coming into effect next May could see fines exceed £17.4 million.

The General Data Protection Regulation, or GDPR, will “protect EU citizens’ data privacy” and “reshape the way organisations across the region approach data privacy”.

It means firms will face much tougher obligations and harsher penalties if they fail to comply.

Under the GDPR, the Information Commissioner’s Office (ICO) can issue fines of up to 4 per cent of an organisation’s global turnover, or 20 million euros, whichever is higher.

By comparison, the ICO has the power to charge just £500,000 at present.

Stewart Room, an expert in global cybersecurity and data protection at PwC, said: “UK organisations must use the remaining time to prepare for GDPR compliance before May next year.”

Whilst some core concepts will remain the same under the GDPR (such as personal data, data controllers and data processors), the GDPR ultimately introduces new key concepts (such as greater enforcement powers and territorial scope) which businesses must consider and beware of prior to implementation next year.