Research carried out by law firm RPC has suggested that the average data protection fine levied by the Information Commissioner’s Office (ICO) has risen by 14% in the year since the introduction of the General Data Protection Regulation (GDPR).
The GDPR came into effect on 25 May 2018, placing additional obligations on businesses in regard to the safeguarding of personal data.
According to RPC, the average fine has increased from £125,000 in 2017/18 to £143,000 in 2018/19. The law firm also suggested that, since the introduction of the GDPR, the ICO ‘is becoming more willing to levy bigger fines’.
‘The ICO has already begun to ratchet up the value of fines, and it has barely scratched the surface of its powers,’ said Richard Breavington, Partner at RPC.
‘However, we don’t expect to see blockbuster €20 million fines being levied in the near future. So far, the regulator has only started to hit businesses with the £500,000 maximum fine for breaches under the old Data Protection Act.’