Intro

Unless you have been living on another planet this week, you won’t have missed the ICO’s big moment in the sun. The Information Commissioner’s Office (ICO) has imposed two massive GDPR fines in recent days. This enforces new changes to the penalties for data security breaches.

It’s a bit like waiting on Euston Road for the number 29 bus for 40 minutes, and then two buses arriving at exactly the same time. Two massive GDPR fines for two massive household brands. A record £183m for British Airways, for losing data on over 500,000 customers.

Then, £99m for Marriott Hotels, for losing data on over 30m customers residing in the EU (with 339 million people impacted worldwide). As personal data becomes a greater concern, good data management is more important than ever.

Think back to before the new GDPR laws came into effect. Penalties for companies after a data security breach were capped at £500,000. Facebook was fined this maximum for its involvement in the Cambridge Analytica scandal back in 2017. In turn, this led many to question whether this maximum needed to be raised.

Where do ICO fines go?

Now, under the new laws, the maximum has been raised. Fines can now reach €20m (roughly £18m), or 4% of a company's annual global turnover. From this recent news, it’s clear that the ICO will be enforcing these massive GDPR fines. In the fallout of this news, we’re left asking two main questions.

Where will all this money go, and will it be used to create a ‘Super Privacy Police Force’? Could we see a watchdog tasked with hunting for those companies that haven’t got their house in order (and are putting customer data at risk)?

According to figures published by the ICO, the watchdog currently employs five hundred people across multiple locations. This may seem like a lot at first glance. Yet, if you’ve ever had contact with them, the organisation doesn’t seem large enough to provide sufficient scrutiny of these large organisations.

At the time of writing, there are only three current job vacancies advertised on its recruitment website. However, it’s not difficult to imagine the ICO kicking off a new recruiting spree after these successes.

ICO fines funding a GDPR task force?

The ICO in the UK states that it’s funded by data processing fees (which start at £40). In comparison, other countries across Europe use data breach fines to supplement their own funding.

Will we see an increase in the Privacy Police in the UK? Certainly, the ICO have increased their scope recently to include AdTech. It doesn’t appear we are going to see any more privacy bobbies on the beat any time soon. However, I would certainly welcome an increase in the scrutiny around the use and storage of my personal data.

In the long run, GDPR will be a good influence for both companies and individuals. A customer-led approach helps you avoid massive fines while driving better business in the future.

Interested in Data Governance? Our 'Fundamentals of Data Management' white paper explains everything you need to know about governance, including how to effectively manage and secure your data.

White Paper: Fundamentals of Data Management

Written by Tim Connold
