This time last year saw the introduction of the new Data Protection law in the UK titled the General Data Protection Regulations. The new regulations introduced severe penalties for companies that break the law: they can be fined 20 million euros (£17.6m) or 4% of their annual global turnover – whichever is larger.
The new law is now a year old and organisations are asking, so what has happened with it all? This article hopes to answer that question.
Last year, we saw the UK adopt the GDPR into UK law. As GDPR is an EU law, there needed to be provisions for how it applies in the UK. So in 2018 we saw the old Data Protection Act 1998 upgraded to the Data Protection Act 2018, or DPA 2018 as it has been dubbed.
So, who has been hit with the new fines since the new law? The answer is no one in the UK, even though, according to a BBC Technology post, “More than 14,000 data breaches have been logged since the introduction of tough new data laws…”. Furthermore, the post states that “Complaints from the public have also doubled, from around 21,000 to 41,000”.
Other than the new stiff penalties, the ICO has also implemented fines for non-payment of their fees. The message here is that those who didn’t pay risked a fine. This was further addressed this year when the ICO produced a trend report to show which sectors had been issued with fines.
However, what we have seen is a different trend which is more worrying than not paying a fee at all. This trend is those who pay a fee and don’t know why they are even paying it or, even worse, don’t understand the legal framework or how to comply with it. In my opinion, this is where the system has failed organisations in not informing or promoting the new law to organisations.
So what’s next? I predict that you will probably see some of those data breaches resulting in large penalty fines in the next year and that, as they do, more organisations will take a moment to get to grips with the new law.
Organisations wanting to know where they stand with DPA 2018 can get in touch for more advice or they can read the guide on the ICO website https://ico.org.uk/for-organisations/guide-to-data-protection/.