Figures from PwC’s 2018 Privacy & Security Enforcement Tracker show the sum of monetary penalties issued to UK organisations for breaching data protection laws in the calendar year 2018 totalled more than £6.5m in 2018, over two million more than the previous year.

Guilty marketing

In the fifth year of compiling the report PwC analysed the UK Information Commissioner’s Officer (ICO) data protection enforcement actions, looking at monetary penalties, enforcement notices, prosecutions and undertakings. The data showed that while the total sum of fines has increased, the number of enforcements issued fell to 67 in 2018, from 91 in 2017. The tracker also reveals that marketing accounted for 50 per cent of infringements, with telephone calls accounting for 64 per cent of marketing infringements. A quarter (25 per cent) of enforcement actions relate to personal data security breaches. Private sector companies accounted for 86 per cent of the enforcements, but scrutiny remains on the public sector given the sensitive nature of the data they handle

Working through the system

Stewart Room, lead partner for GDPR and data protection at PwC, commented “2018 was a transitional year for data protection in the UK, with the introduction of the GDPR in May, but the trend of enforcement remained constant in comparison with previous years, with marketing and security infringements dominating the regulatory agenda. Mr Room added, “The absence of any GDPR fines in 2018 was not surprising, as it takes many months for cases to work through the system, but we know that they are on their way. As well as looking at how to improve their levels of legal compliance, I would encourage organisations to focus on how good approaches to the handling of personal data can help them to deliver on their business purpose, to help and sustain the creation of long term value and trust.”