GDPR Compliance and ICO Enforcement

Posted in Blog articles by Matt Hodges-Long on 08/03/2017

Awareness of the upcoming General Data Protection Regulation (GDPR) is growing across the business community as the Information Commissioner’s Office (ICO) gets ready to see its enforcement powers rise from a maximum of £500k under the Data Protection Act to a maximum of €20m or 4% of global turnover under the GDPR.

Here is a high level comparison of ICO Enforcement in 2016 vs 2015 drawn from TrackMyRisks detailed analysis of ICO enforcement data…

ICO Enforcement by Industry Sector 2016ICO Enforcement by Industry Sector 2015

2016 vs 2015 ICO Enforcement Comparison

  • Total number of enforcements down by 4%
  • Enforcement against the Government down by 24%
  • Enforcement against Financial Services sector up by 211%
  • Enforcement against Telecommunications sector up by 1,200%
  • Largest ever ICO fine (£400k) levied against TalkTalk in Oct 2016.

Commentary

Our detailed analysis of ICO Enforcement has highlighted an increasing focus on private sector businesses away from Government and Healthcare. In advance of GDPR coming into effect on 25th May 2018, we have also seen a record ICO fine awarded against TalkTalk at £400k or 80% of the maximum fine under current rules.

It has also been reported that the ICO are looking to recruit additional staff in order to cope with GDPR implementation and enforcement.

To create your own risk visualisations from over 40m records, please Log In to your TrackMyRisks account and click on Risk Reports. If you need deeper analysis or you don’t have a TrackMyRisks account, please click the “ENQUIRE NOW” button at the top of this page.