Experts have warned that a number of UK companies could find themselves on the receiving end of ever-increasing data privacy fines if they do not adequately prepare for the upcoming General Data Protection Regulation (GDPR).
A new report from PwC found that 23 enforcement notices were issued by the UK Information Commissioner’s Office (ICO) in 2016, with fines totalling £3,245,500 – nearly double the amount recorded during 2015.
Experts warn that the 155 per cent growth in enforcement notices could spike again if companies do not ensure compliance with what is being touted as the most significant change in privacy law for more than two decades.
The GDPR measures are under a year away, and the UK already established itself last year as one of the regions with the highest financial penalties in Europe, alongside Italy (€3.3 million).
Nevertheless, the numbers remain behind those seen in the United States, which issued fines totalling approximately $250 million.
Any organization that does not comply with the upcoming GDPR regulations will face increased financial penalties of up to four percent of its global turnover or $20 million, whichever is higher.
The ICO has already warned businesses that they need to start thinking about the steps they are required to take, adding that the benefits of data protection should provide ample incentive.
However, Stewart Room, PwC’s global cybersecurity and data protection legal services leader, has warned that many companies are still having trouble understanding what the new regulations will require of them.
He said: “We’ve performed more than 150 GDPR readiness assessments with our clients around the world. Many struggle to know where to start with their preparations, but also how to move programs beyond just risk reviews and data analysis to delivering real operational change.”