Unless you have been living on another planet this week, you won’t have missed the ICO’s big moment in the sun. The Information Commissioner’s Office (ICO) has imposed two massive GDPR fines in recent days, enforcing new changes to the penalties for data security breaches.

It’s a bit like waiting on Euston Road for the number 29 bus for 40 minutes, and then two buses arriving at exactly the same time. Two massive GDPR fines for two massive household brands: a record £183m for British Airways, for losing data on over 500,000 customers; and £99m for Marriott Hotels, for losing data on over 30m customers residing in the EU ( with 339 million people impacted worldwide).

Before the new GDPR laws came into effect, the maximum penalties for companies after a data security breach were limited to a maximum of £500,000. Facebook was fined this maximum for their involvement in the Cambridge Analytica scandal back in 2017, leading many to question whether this maximum needed to be raised.

Now, under the new laws, the maximum has been raised to match €20m (roughly £18m), or 4% of their annual global turnover – and it’s clear that the ICO will be enforcing these massive GDPR fines. In the fallout of this news, we’re left asking two main questions: where will all this money go, and will it be used to create a “Super Privacy Police Force”, tasked with hunting for those companies that really haven’t got their house in order (and are putting customer data at risk)?

According to ICO published figures, the watchdog currently employs five hundred people across multiple locations. This may seem like a lot at first glance, but if you’ve ever had contact with them, the organisation doesn’t seem large enough to provide sufficient scrutiny on these large organisations.

At the time of writing, there only three current job vacancies advertised on its recruitment website, but it’s not difficult to imagine the ICO kicking off a new recruiting spree after these successes. The ICO in the UK states that it’s funded by the processing fees (which start at £40), but other countries across Europe utilise these data breach fines to supplement their own funding.

Will we see an increase in the Privacy Police in the UK? The ICO have certainly increased their scope today to include AdTech. It doesn’t appear we are going to see any more privacy bobbies on the beat any time soon, but I would certainly welcome an increase in the scrutiny around the use and storage of my personal data. In the long run, GDPR will be a good influence for both companies and individuals; a customer-led approach helps you avoid massive fines while driving better business in the future.

Written by Tim Connold


See all

Exciting changes to our website and brand image

read more

Beyond the Keynote: Events in data, with Cynozure.

read more
BlogCDO Hub

Skill can be bought – performance is built by a team.

read more
profile image

Join Our Mailing List.

We’d love to help keep you up to date with the latest technology, industry insights, trends, and more, direct to your inbox. Sign up to our monthly newsletter, which includes access to guest blogs from data leaders, as well as updates on our podcast, along with details on our exclusive events.


Content Access.

Please fill out your details below, and we'll send you the document via email.