The Future of Data Protection: A Look Back at the Impact of GDPR
In 2018, data protection reform significantly shaped the landscape across the UK & EEA. Nearly 600 days have passed since the implementation of GDPR, prompting an examination into the regulatory influence on industries. As incidents continue to grow in frequency, businesses are dedicating resources to fortify their compliance strategies. With this objective, I undertook a study of the preceding year, aiming to identify noteworthy trends that could aid us in future compliance preparations.
Since the 25th of May 2018, the ICO has administered 39 monetary penalties. In the year 2019 alone, businesses grappling with data breaches or non-conformity faced fines amounting to 1.65 million pounds. In summary, these instances span various sectors and business verticals.
Data Protection Breach By Industry:
- Marketing Companies – 11 Cases
- Financial or Insurance Companies – 6 Cases
- General Business – 4 Cases
- Land or Property Services – 2 Cases
- Ecommerce businesses – 2 Cases
- Manufacture – 2 Cases
- Transport – 2 Cases
- Health & Medical – 2 Cases
- Other – 8 Cases
So, let’s delve into the financial aspect and grasp the numerical details. The regulatory body in the UK has imposed over 38 monetary penalties since the 25th of May 2018. Notably, several of these breaches transpired prior to the activation of the regulations, resulting in the absence of GDPR-related fines for the implicated companies. This observation leads me to infer that forthcoming penalties are likely to surpass the figures presented in this article. This expectation is rooted in the legislation’s stipulation of a maximum fine of 20 million euros or, in the case of a business entity, up to 4% of its total global turnover from the preceding fiscal year, whichever value is higher.
Key Data Protection Events since 2018:
On June 7, 2018, the Information Commissioner’s Office (ICO) imposed a fine of £100,000 on ‘The British & Foreign Bible Society.’ Their computer network had been compromised in a cyber-attack back in 2016, and the fine was attributed to their security shortcomings, which jeopardized the personal data of their supporters.
Subsequently, on August 1, 2018, the ICO levied a £100,000 fine upon ‘AMS Marketing Ltd.’ This penalty arose from their engagement in 75,649 nuisance calls to individuals who had already opted out of receiving marketing calls by enlisting with the Telephone Preference Service (TPS).
Furthermore, on December 13, 2018, the ICO fined ‘Tax Return Limited,’ a firm based in London, £200,000. This substantial penalty was a consequence of their distribution of millions of unsolicited marketing text messages, a clear breach of consent and data protection regulations. The evidence of this unauthorised communication and data breach provided the ICO with grounds to pursue monetary sanctions against the company.
Key Data Protection Events since 2019:
On January 31, 2019, the Information Commissioner’s Office (ICO) imposed an £80,000 fine on ‘Alistar Green Legal Services Limited,’ an entity located in Liverpool. This fine was a result of their engagement in 213 nuisance calls to subscribers of the Telephone Preference Service (TPS) between March and July 2017.
Moving forward, on March 26, 2019, the ICO issued a £40,000 fine against ‘Grove Pensions Limited.’ This penalty arose due to their dissemination of nearly two million direct marketing emails without proper consent, coupled with the provision of “misleading” professional advice. The firm’s actions incited customer discontent, triggering a wave of complaints that prompted the ICO to scrutinize their adherence to compliance standards.
Additionally, on April 10, 2019, the ICO penalized television company ‘True Vision Productions’ with a £120,000 fine. This action followed the company’s involvement in unfair and unlawful filming within a maternity clinic.
Finally, on August 2, 2019, the ICO fined ‘Making it Easy Ltd’ £160,000. The basis for this fine was their unauthorised placement of spam calls to individuals who were registered with the Telephone Preference Service (TPS).
The Future of Data Protection 2019 Update:
Since 2019, the UK has witnessed several significant data breaches and subsequent fines that have underscored the critical importance of data protection. One notable incident involves the Marriott International breach in 2019, affecting around 339 million guest records globally and resulting in a £18.4 million fine by the Information Commissioner’s Office (ICO) in the UK. Another major breach implicated British Airways in 2018, where hackers accessed personal and financial details of nearly 500,000 customers, leading to a proposed fine of £183 million. Furthermore, the ICO imposed a substantial fine of £20 million on British Airways in 2020 for another breach, highlighting their commitment to enforcing data protection regulations. These incidents, along with others, have significantly raised awareness about cybersecurity and data privacy, prompting organisations to reevaluate their data security practices and compliance with the General Data Protection Regulation (GDPR).
With GDPR imposing more severe penalties, businesses should strongly consider embracing the changes and swiftly implementing strategies to comply with data governance regulations. Despite this, a significant number of organisations have not yet acted, largely because they haven’t experienced tangible consequences of the regulations in their sector or immediate environment. This prevailing stance is expected to become more evident in 2024, as the regulatory authority plans to establish a precedent, highlighting the importance of these regulations for national security and privacy standards.
Data Protection Summary:
The upcoming year seems ready for a heightened discussion fueled by consumer activism, exploring the core of data privacy and how these new laws and controls are put into action. In my view, instances of data misuse and breaches have undermined trust, making it urgent to restore confidence among numerous data subjects. Achieving this goal requires adopting transparent data processing practices and fostering an authentic connection with consumers regarding the use and non-use of their data.
In summary, taking a proactive stance toward data protection will yield improved data management compliance benchmarks. This proactive approach not only diminishes the probability of breaches but also enhances the efficacy of data utilisation to address business challenges, thereby fostering growth and advancement for your enterprise.
For more info on how to implement data protection, get in touch with our team: https://compliancedirectsolutions.com/data-protection/gap-analysis-compliance-audit/