Since the General Data Protection Regulation’s (GDPR) inception on 25 May 2018, the number of data breach notifications received by the Information Commissioner (ICO) has quadrupled – but the ICO is yet to issue any fines under GDPR.
A record breaking 14,072 breach notifications were made to the ICO between 25 May 2018 and the beginning of May this year. This is four times the number of notified data breaches recorded by the ICO for April 2017-2018, which was 3,311.
This sharp increase is partly due to the introduction of mandatory breach reporting for organisations that control personal data where a data breach is likely to “result in a risk for the rights and freedoms of individuals” under the new regime. These new breach reporting obligations enable the ICO to enforce GDPR and issue fines more effectively than in previous years.
The public have also submitted an unprecedented 41,054 complaints this year, almost doubling last year’s total. It suggests consumers are now more aware than ever before of the value of their personal data and their rights under GDPR, which includes their right to lodge a complaint with the ICO.
So far, more than 90 fines have been issued under GDPR totalling €55.96 million across Europe, including the biggest ever GDPR fine of €50 million issued by France’s CNIL to Google for failing to meet the new consent requirements under GDPR and to comply with its transparency and information obligations.
Despite these impressive notification figures, the increase in consumer awareness of GDPR, and ground breaking enforcement action taken by the ICO’s counterparts across Europe, no fine has been issued under GDPR rules in the UK. However, a spokeswoman for the ICO has confirmed that the “first fines under the General Data Protection Regulation are due to be issued soon, once the necessary legal processes have been completed”.
Although it is not public knowledge which organisations will be on the receiving end of the ICO’s first fines, we suspect that the ICO will have focussed its attention on the most egregious breaches – for example, the hacking attack on British Airways’ systems which led to 244,000 customers’ payment details being stolen and put up for sale on the dark web.
SMB’s Film and TV Team has advised its client 42, the UK/US management and production company (Outside the Wire, Watership Down), on the production, financing and distribution arrangements for its new film Silent Twins.
Read moreIn a judgment handed down on Tuesday 19th January, SMB won a claim to recover the domain name blackjack.com on behalf of our client, Hanger Holdings.
Read moreSMB’s Media Team have advised FAE Film and Television Limited on the production and financing of new film Save The Cinema for Sky Cinema.
Read more