The Information Commissioner’s Office (ICO) has seen a drastic increase in the number of complaints about potential data breaches since the General Data Protection Regulations (GDPR) came into force in May 2018. According to statistics, there has been a 160% increase in the number of complaints received from 25 May 2018 to 3 July 2018, compared to the same period in 2017. The figures also show that over a quarter of complaints were made against firms holding sensitive information in industries such as financial services, education and health.
GDPR Regulations
Under the GDPR, organisations can be fined €20million or 4% of their global turnover, which is significantly more than the maximum fine that was possible under the old rules. There was a huge amount of media attention and government in the lead up to 25 May when the GDPR came in to force, which has no doubt increased individuals’ awareness of both their individual rights and the enhanced obligations on businesses to deal with data transparently and lawfully.
The ICO has now issued the first GDPR fine in the UK. AggregateIQ, a data analytics company, is the target. The ICO have allowed AggregateIQ a grace period of 30 days in order to audit, implement and document its data processing practices or it will face a fine of £17 million or 4% of its annual global turnover. AggregateIQ are currently appealing this decision. The fine comes after a whistleblower reported that the company had used algorithms from Facebook data to build software targeting Republican votes in the 2016 US election. This illustrates the tough approach the ICO are taking in respect of GDPR, as the ICO issued the fine despite the fact that the initial breach occurred prior to the implementation of GDPR. ICO state they were concerned about continuing breach of GDPR.
Nelsons are offering template privacy notices and data protection policies for a fixed fee along with optional support in tailoring this documentation and rolling it out across your workforce. We are also offering bespoke training packages for HR teams or groups of employees, so that you can embed data protection in to your culture and evidence your efforts to comply with the new regime.
How Nelsons Can Help
For further information or to comment on this article, please contact our Employment Law or Commerce & Technology teams on 0800 0241 976 or contact us via our online form.