GDPR & Data Protection Act Fines
With the arrival of GDPR in 2018 and its UK parallel, the Data Protection Act 2018 (DPA2018), the power for the ICO to issue fines increased dramatically from its previous limits under the Data Protection Act 1998.
The previous limit was £500,000, which was rarely used, but the changes to the legislation under GDPR now mean that serious breaches could result in fines as large as €20 million or 4% of annual worldwide turnover (whichever is the greater).
There is also a fine of up to €10 million or 2% of annual worldwide turnover (whichever is the greater) for failing to disclose any breach.
The true extent of the use of these massively increased powers will not be known until the DPA2018 has been established within UK law for a period of time.
However, with data protection becoming more prominent in the public eye following a number of recent high-profile investigations and breaches (TalkTalk, Facebook, Morrisons), it's reasonable to assume that investigations into GDPR breaches have already begun, or will begin in the very near future.
GDPR has not only introduced a requirement to report a breach but also specifies that the breach must be reported within 72 hours of becoming aware of it (this timescale includes weekends and public holidays). With increased resources being made available to the ICO to investigate and enforce data protection laws, this is not a time to be complacent.
You should seek to obtain expert legal advice as soon as possible if you know or suspect that your business could be hit with a fine for a GDPR breach. Richard Nelson LLP has experienced lawyers who can assist you. If you require assistance of this nature, please contact us today.
Get in touch
For more information about the services we can provide and about how we can help you and your business, contact us.
What we do...
Richard Nelson LLP has a number of services in place to assist businesses and individuals that are currently under investigation for data breaches. We also offer advice and representations for businesses that are concerned that they may face a GDPR investigation. Our services cover the following situations: