back to article UK trigger-happy over fines for data breaches compared with Europe

The UK is among the most fined nations in Europe for data protection breaches, doubling the amount of penalties to £3.2m (€3.6m) during 2016. According to an analysis by mega consultancy firm PwC, breaches of UK data protection laws last year were followed by 35 fines. It found that the UK Information Commissioner's Office ( …

  1. Your alien overlord - fear me

    So, do other European companies keep a better grip on data or are their ICO's too lazy to issue fines?

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      So, do other European companies keep a better grip on data or are their ICO's too lazy to issue fines?

      I daresay some will presume the former The Breach Level Index annual report for 2016 showed 161 known incidents in the UK, but only 8 in Germany and 4 in France, so the data suggests that those people might be right.

      For me, a common sense alarm bell rings loudly when the fourth largest economy in the world claims to have had only eight data breaches.

    3. Halfmad

      As it's almost entirely dependent on self-reporting I'm willing to bet a lot of it is down to companies just not owning up. The UK public sector is particularly good at reporting itself to the ICO quickly, within hours usually, knowing that if it does so there's far less chance of a monetary penalty at the end of it.

  2. Adam 52 Silver badge

    Well the UK ICO issued more fines or prosecutions in the last two months than the Irish one did in the whole of last year. And, apart from a couple of private investigators, the Irish cases were all marketing related.

    Given the large number of multinationals with their European base in Ireland, including Facebook and Google, I find it hard to believe that there were no incidents, so my bet is on the latter. I might even venture that the tax revenue from organisations able to select a jurisdiction provides a motivation to be a little flexible with enforcement

  3. Anonymous Coward
    Anonymous Coward

    Can someone please clarify...

    > However, under the the General Data Protection Regulation, which will come into force in May 2018, the penalties for a data breach will either be €20m (£17m) or 4 per cent of global annual revenue, whichever is highest.

    I keep seeing this stated unchallenged. Does the GDPR really say that if a small one man band organisation leaks just one customer's private information then they will be fined 20m Euro?

    1. Anonymous Coward
      Anonymous Coward

      Re: Can someone please clarify...

      > "I keep seeing this stated unchallenged. Does the GDPR really say that if a small one man band organisation leaks just one customer's private information then they will be fined 20m Euro?"

      The figure quoted is the maximum available fine (in comparison to the current £500,000). There are actually 2 levels of maximum (one half the stated amount), and it depends on the nature of the breach as to which applies.

    2. Anonymous Coward
      Anonymous Coward

      Re: Can someone please clarify...

      No. See GDPR Art. 83, para 5, pp 82-83

      http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf

      1. well meaning but ultimately self defeating

        Re: Can someone please clarify...

        How long have you been waiting to be able to do that?

  4. Anonymous Coward
    Anonymous Coward

    Hang on a minute,

    Issuing fines and then collecting them are two very very different things.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like