PwC’s UK Privacy & Security Enforcement Tracker has found that fines in the UK over data protection law violations totalled £6.5 million in 2018, a £2 million increase from 2017.
The Tracker analysed data protection enforcement actions by the UK Information Commissioner’s Office (ICO), including monetary fines, prosecutions and undertakings. The Tracker shows that the total sum of fines increased from 2017, but the number of ICO enforcements fell to 67 in 2018 from 91 in 2017.
Other key statistics from the Tracker include the following:
- A total of 292 million people were affected by the 67 enforcement actions taken by the ICO.
- Of the 67 enforcement actions, 6 actions related to prosecutions against those who committed a criminal offence under the UK’s Data Protection Act. Forty-one Monetary Penalty Notices were issued by the ICO, resulting in organisations paying fines. There were also 4 undertakings and 16 Enforcement Notices.
- Marketing accounted for 50% of the enforcement actions, with 64% of those relating to telephone marketing.
- A quarter (25%) of the enforcement actions related to personal data security breaches.
It is interesting to note that the fines issued related mainly to activities which took place prior to the GDPR’s implementation on 25 May 2018. Further, despite private sector companies accounting for 86% of the enforcement actions, scrutiny remains on public sector organisations given the sensitive nature of the data they handle. This is indicated by the fact that the 6 Monetary Penalty Notices issued to local government bodies accounted for almost one-sixth (£975,000) of the total fines.