The ICO has issued fines totalling nearly \u00a350m against some of the UK’s most recognisable organisations for breaching the GDPR, and no business is immune from scrutiny. Understanding what triggers an ICO fine and how to prevent a data breach is essential for protecting your business. This article will explore some of the largest fines the ICO has issued to organisations in recent years and the precautionary measures your business can implement to avoid a significant personal data breach.<\/p>\n\n\n\n
The GDPR<\/a> is essential to UK law and data and privacy protection. Consequently, any severe breach should result in serious consequences. The Information Commissioner\u2019s Office (ICO) is the primary body responsible for investigating data breaches and handing down fines<\/a>. <\/p>\n\n\n\n The ICO may issue a fine against your company if it:<\/p>\n\n\n\n Currently, the five largest fines issued by the ICO for breach of data protection law add up to nearly \u00a350m. That is a sizeable proportion of the annual global turnover for the organisations affected. The ICO chose those figures to deter organisations from failing to take sufficient security measures<\/a> concerning customer data in the future.<\/p>\n\n\n\n Let us run through each fine and the nature of the UK GDPR breach below.<\/p>\n\n\n\n The ICO found that British Airways lacked adequate security measures to guard against cyber attacks. Eventually, this led to a cyber attack in 2018, which took British Airways over two months to find. Here, the fine was so significant because adequate IT security would have prevented the cyber attack, which subsequently leaked the personal and financial details of more than 425,000 customers.<\/p>\n\n\n\n This currently stands as the ICO’s largest fine to date.<\/p>\n\n\n\n In 2018, the ICO discovered that a 2014 cyber attack had leaked 339 million guest records worldwide. They concluded that Marriott Hotels failed to protect the stolen data adequately. Given that the stolen information contained names, phone numbers, email addresses and passport numbers, the ICO felt it essential to provide a considerable fine.<\/p>\n\n\n\n In this case, the Information Commissioner said, “Personal data is precious and businesses have to look after it.”<\/em><\/p>\n\n\n\n The ICO fined Clearview AI just over \u00a37.5m for collecting images from the internet and social media for a global face recognition network. Clearview AI obtained the photos without the consent of individuals. Since their global database contained approximately 20 billion images, this was a significant breach of GDPR rules.<\/p>\n\n\n\n The ICO found that Ticketmaster had failed to ensure appropriate security on its electronic payment page on its website. Consequently, hackers obtained sensitive financial information including names, credit card numbers and CVV relating to 1.5 million UK citizens.<\/p>\n\n\n\n The Deputy Commissioner hoped that the \u00a31.25m fine would “send a message to other organisations that looking after their customers’ personal details safety should be at the top of their agenda”.<\/em><\/p>\n<\/div>\n\n\n\n The ICO awarded this fine to the Cabinet Office for the well-publicised postal address leak of the 2020 New Year Honours recipients. Accordingly, the failure to protect this information led to the leaking of over 1000 home addresses online. Furthermore, many high-profile individuals were among the victims.<\/p>\n\n\n\n\n\n Continue reading this article below the form\n <\/i>\n<\/a>\n\n
Largest Fines Awarded by the ICO <\/h2>\n\n\n\n
British Airways Fine: \u00a320m<\/h3>\n\n\n\n
Marriott Hotels Fine: \u00a318.4m<\/h3>\n\n\n\n
Clearview AI Fine: \u00a37.5m (approx.)<\/h3>\n\n\n\n
Ticketmaster Fine: \u00a31.25m<\/h3>\n\n\n\n
Cabinet Office Fine: \u00a3500k<\/h3>\n\n\n\n