52% of Businesses are not GDPR compliant

Adherence to the GDPR is not optional, and it should be adopted verbatim by each EU country; there shall be no country-specific interpretations. According to a recent survey of senior business leaders, many UK businesses are still unsure when it comes to the application of the Data Protection Act (GDPR) in their organisation. But despite its regulatory impact, the DPA should also be viewed by all businesses as a benchmark of quality. In a competitive marketplace where customer loyalty and retention are key, organisations that demonstrate compliance with the DPA are more likely to maintain the trust, respect and loyalty of their customers.

Scary but true

GDPR Stats

Data Protection Authorities across the EU, not just the UK, have received thousands of complaints and breach notifications, and the first fines, penalties and sanctions are being imposed. Registration fees fund the Information Commissioner’s Office (ICO), whilst all other fines and penalties flow straight to HM Treasury!

Public Opinion
Nearly half (48%) of U.K. adults expressed plans to activate new rights over their personal data as a result of GDPR.
Fifty-eight percent of U.K. consumers said they worry that a company might sell their personal information to other companies.
Forty-three percent of U.K. consumers said they want companies that don’t follow data protection rules to pay bigger fines.
ICO Stats
Increase in Data Protection Complaints since 2018
Increase in Data Breaches Reported to the ICO since 2018
Fines Issued to Non-Compliant Companies by the ICO in 2018


Data Protection Fines

Fines for non-compliance are shown below. Not complying with the Data Protection Act can also put the viability of your business and the future of your company at serious risk. Do you really want to be the only one who doesn’t comply with a law which is mandatory in the whole European Union? If we add to all this any claims made by users affected by your infraction, or possible complaints from any corporate or economic operator, believe us: flouting the regulation will end up affecting you more than you could ever imagine. And make no mistake: it won’t be worth it.

Tier 1 Fines
Fines of up to £9 million or 2% of annual global turnover can be issued for infringements of articles:
  • 8 (conditions for children’s consent);
  • 11 (processing that doesn’t require identification);
  • 25–39 (general obligations of processors and controllers);
  • 42 (certification); and
  • 43 (certification bodies).
Tier 2 Fines
Fines of up to £18 million or 4% of annual global turnover can be issued for infringements of articles:
  • 5 (data processing principles);
  • 6 (lawfulness of processing);
  • 7 (conditions for consent);
  • 9 (processing of special categories of data);
  • 12–22 (data subjects’ rights); and
  • 44–49 (data transfers to third countries or international organisations).

ICO Fees & Fines

Data Protection Fee

All organisations, companies and sole traders that process personal data must pay an annual fee to the ICO unless they are exempt. Fines for not paying can be up to a maximum of £4,350. The money collected from the data protection fee funds the ICO’s work to uphold information rights, such as investigations into data breaches and complaints, its popular advice line, and guidance and resources for organisations to help them understand and comply with their data protection obligations.

Micro Organisations
Maximum turnover of £632,000 or no more than 10 members of staff
ICO Fee: £40
Max Fine: £400
Maximum turnover of £36 million or no more than 250 members of staff.
ICO Fee: £60
Max Fine: £600
Large Organisations
Those not meeting the employment or turnover criteria of Tiers 1 or 2.
ICO Fee: £2,900
Max Fine: £4,350
Want to find out more? Contact Us Today
