If you have seen our myths & facts series over on LinkedIn, you will have seen a recent myth: people often think the ICO are out to get money from your business, and that data breach reporting is all about punishing organisations.
This is actually far from the truth, and two recent cases highlight this. The ICO is planning to issue fines to these companies based on a percentage of their annual turnover, as opposed to a fixed maximum penalty. These two high profile cases are British Airways & Marriott Hotels.
Historically, the ICO was seen to ‘lack teeth’, but it seems they are now taking bites of a magnitude not seen to date. BA could face a fine of 1.5%, equating to £183.4 million, and Marriott a fine of 3%, which equates to £99 million. Neither of these fines is final yet; both companies have the opportunity to put their own representations forward to the ICO.
Should you be concerned?
It is likely that the data you handle is not of a similar kind or quantity to that held by BA and Marriott. However, these unprecedented fines show that the ICO is willing to use its powers to impose higher penalties than before.
Remember the fine imposed on Facebook following the Cambridge Analytica incident? That was only £500! Under these new powers, it could have been as high as £1.26 billion!!
Action plan for your business
GDPR is something that you should take seriously, no matter what size or stage your business is at. The first thing you need to do is review your current policies and ensure you are GDPR compliant.
The ICO is really cracking down on data breaches that compromise customer data, and it now has the staff in place to deal with this workload. Data protection compliance is an ongoing process, so start reviewing your GDPR practices now.
If you have a data breach, or would like help with some guidance around this subject, please contact us.