With the arrival of GDPR in 2018, the power for the ICO to issue fines will increase dramatically.
The present limit is £500,000, which is rarely used, but the changes to the legislation under GDPR will mean that serious breaches could result in fines as large as €20 Million or 4% annual worldwide turnover (whichever is the greater).
There will also be a fine of up to €10 million or 2% annual worldwide turnover (whichever is the greater) for failing to disclose any breach.
The true extent of the use of these massively increased powers will not be known until GDPR has been established within UK law for a period of time.
However, with the issue of data protection becoming more prominent in the public eye with a number of recent high profile investigations and breaches (Talk Talk, Facebook, Morrisons), it’s reasonable to assume that investigations into GDPR breaches will begin sooner rather than later.
GDPR will not only introduce a requirement to report a breach but also that the beach is reported within 72 hours of becoming aware of it (this timescale includes weekend and public holidays) and with the increased resources being made available to the ICO to investigate and enforce Data Protection laws, this is not a time to be complacent.
You should seek to obtain expert legal advice as soon as possible if you know or suspect that your business could be hit with a fine for a GDPR breach. Richard Nelson LLP has experienced lawyers who can assist you. If you require assistance of this nature, please contact us today.
Get in touch
For more information about the services we can provide and about how we can help you and your business, contact us.
What we do...
Richard Nelson LLP has a number of services in place to assist businesses and individual that are currently under investigation for data breaches. We also offer advice and representations for businesses that are concerned that they may face a GDPR investigation. Our services cover the following situations: