Law changes in the coming months mean that the Information Commissioner’s Office (ICO) enforcement powers will no longer be subject to a maximum penalty fine of only £500,000. If any person, company or organisation is found to have breached Data Protection laws in the U.K., they may find themselves slapped with a much heftier fine.
The new maximum fine can be 4% of the company’s global turnover or €20 million (almost £17 million); whichever is the larger.
The government is introducing this as they adopt stricter E.U. laws for data protection into U.K. legislation. Despite Brexit, the government have said that the new regulation will be implemented by May 2018 in any event.
This new legislation comes as part of efforts to crack down on cybersecurity breaches and data leaks in line with the EU’s General Data Protection Regulation (GDPR).
The core aims of this new regulation are:
- To impose stricter penalties for breaching data protection laws;
- To require those who breach data protection law to disclose the breach to the public;
- To make sure clear consent is obtained before accessing any citizens’ information.
The massive new fines cover circumstances of cyberattacks by a third-party actor as well as human error. The ICO is a U.K. governmental body with the power to investigate breaches and to enforce penalties if it finds any. One fairly recent big fine was to telecoms giant TalkTalk: a £400,000 fine for its data breach failures.
Hopefully, companies and organisations will see the ICO’s increase in enforcement power as an incentive to improve their security and data protection protocols. The ICO often finds that security was lax in the first place, leading to vast and damaging data breaches that were entirely preventable.
Investment should be put towards installing strong and up-to-date cybersecurity measures to prevent illegal access. Companies also shouldn’t neglect measures to prevent internal errors or unauthorised access breaches.
With this new multi-million pound fine as an incentive, companies will surely have to prioritise security and finally provide proper and adequate training, as well as monitoring, to ensure no employee can cause a data breach blunder.
Investing a little time and money in beefing up your security seems a much safer option than risking a £17 million or 4% of global turnover fine from the ICO.
This new legislation will most likely prompt companies to take protecting their customers’ personal information much more seriously. This is the government’s main aim in introducing the higher fine.