In 2021, fines issued by the Information Commissioner’s Office (ICO) surged by 1580%, according to an analysis by international law firm RPC.
The total amount of fines issued came to a record £42 million, stemming mainly from two high-profile data breaches that exposed the personal data of millions of people.
These two breaches were:
1. The 2018 breach at British Airways, which saw the personal data of 429,612 customers and staff compromised.
British Airways was fined £20M for this.
2. The 2020 breach at hotel chain Marriott International, which saw an estimated 339 million guest records exposed globally.
Marriott International was fined £18.4M for this.
Richard Breavington, a partner at RPC, commented that “Clearly, the ICO will impose blockbuster fines when it wants large organisations to sit up and take notice.”
Under the General Data Protection Regulation (GDPR), the maximum fine the ICO can issue is £17.5m or 4% of a company’s total worldwide annual turnover, whichever is higher.