UK trigger-happy over fines for data breaches compared with Europe
The UK is among the most fined nations in Europe for data protection breaches, doubling the amount of penalties to £3.2m (€3.6m) during 2016. According to an analysis by mega consultancy firm PwC, breaches of UK data protection laws last year were followed by 35 fines. It found that the UK Information Commissioner's Office ( …
COMMENTS
-
Sunday 4th June 2017 13:18 GMT Anonymous Coward
So, do other European companies keep a better grip on data or are their ICO's too lazy to issue fines?
I daresay some will presume the former. The Breach Level Index annual report for 2016 showed 161 known incidents in the UK, but only 8 in Germany and 4 in France, so the data suggests that those people might be right.
For me, a common sense alarm bell rings loudly when the fourth largest economy in the world claims to have had only eight data breaches.
-
Monday 5th June 2017 08:28 GMT Halfmad
As it's almost entirely dependent on self-reporting I'm willing to bet a lot of it is down to companies just not owning up. The UK public sector is particularly good at reporting itself to the ICO quickly, within hours usually, knowing that if it does so there's far less chance of a monetary penalty at the end of it.
-
-
Thursday 1st June 2017 18:06 GMT Adam 52
Well the UK ICO issued more fines or prosecutions in the last two months than the Irish one did in the whole of last year. And, apart from a couple of private investigators, the Irish cases were all marketing related.
Given the large number of multinationals with their European base in Ireland, including Facebook and Google, I find it hard to believe that there were no incidents, so my bet is on the latter. I might even venture that the tax revenue from organisations able to select a jurisdiction provides a motivation to be a little flexible with enforcement.
-
Thursday 1st June 2017 20:39 GMT Anonymous Coward
Can someone please clarify...
> However, under the General Data Protection Regulation, which will come into force in May 2018, the penalties for a data breach will either be €20m (£17m) or 4 per cent of global annual revenue, whichever is highest.
I keep seeing this stated unchallenged. Does the GDPR really say that if a small one man band organisation leaks just one customer's private information then they will be fined 20m Euro?
-
Friday 2nd June 2017 08:03 GMT Anonymous Coward
Re: Can someone please clarify...
> "I keep seeing this stated unchallenged. Does the GDPR really say that if a small one man band organisation leaks just one customer's private information then they will be fined 20m Euro?"
The figure quoted is the maximum available fine (in comparison to the current £500,000). There are actually 2 levels of maximum (one half the stated amount), and it depends on the nature of the breach as to which applies.
-