Data breach fines double year on year

Friday 9th November 2018

In another indication of the data protection zeitgeist, researchers at RPC, a professional services firm, found that average fines levied by the Information Commissioner’s Office (‘ICO’) have doubled in a year. Businesses that failed to protect data faced average fines of £146,000, compared with the previous figure of £73,000. The total value of fines rose to around £5 million, up from £4 million in the year 2016/17. Additionally, the ICO stated last month that data breach reports had increased 75% in the past two years.


Our recent E-Brief commented on the Court of Appeal decision in the Morrisons data breach case. Employers can control significant volumes of employee and client data and should be mindful that, under the GDPR and DPA 2018, firms can be fined €20 million or 4% of global turnover by the ICO, in addition to any damages claims.

It is anticipated that, in the medium term, GDPR will result in an increase in the value of fines for larger firms. The ICO has previously stated that it will not make an example of SMEs following minor infringements. As the number of breaches is not slowing down, employers should consider ways to mitigate risks to customers and employees in the event of a breach.