First GDPR fine – data breaches and financial penalties

The GDPR (General Data Protection Regulation) was introduced in the UK in 2018 as a means of updating existing data protection law. This important piece of legislation means that all organisations and individuals that store and process the personal data of others are obliged to comply with designated principles. Where they fail to do so, they could be found responsible for a data protection breach. In such cases, a data controller can face its first GDPR fine.

The ICO (Information Commissioner’s Office) is responsible for the enforcement of data protection law in the UK and has the power to impose financial penalties on companies that have failed to keep personal information secure. This power has been used in a number of high-profile data breach cases in the past few years, in which some data controllers have faced GDPR fines in the millions of pounds mark.

Alongside action by regulators, we believe it is important that victims are fairly compensated for the data breaches that they have been involved in. Those affected by the Virgin Media data breach, which involved the exposure of around 900,000 people’s personal information, can be eligible to join our group action against the company to fight for the compensation we say that they deserve.

How do fines hold data controllers to account?

While some data controllers manage to avoid financial penalties from the ICO, instead receiving recommendations on changes to data protection policy and practice, others can face a first GDPR fine that can act as a real deterrent. The element of financial cost can both act as a punishment for companies that have breached the law, and as a deterrent for data controllers more widely as well.

The threat of loss can dissuade organisations from neglecting their data protection duties. Hopefully…

How data controllers hit with their first GDPR fine compare to previous penalties

In the years since the GDPR came into force, a number of major companies have hit the headlines due to data protection breaches, and have then received further press coverage after being hit with GDPR fines, and you can see the difference. For example, Equifax faced a £500,000 data breach fine for the 2017 cyberattack it was involved in, which was before the GDPR and was the previous maximum amount that could be fined. Just one year later in terms of breach period, Ticketmaster eventually faced a first GDPR fine of £1.25 million after failing to protect customer data.

This shows the significant difference given that, arguably, the Equifax data breach was far bigger and has been seen as far worse.

The first GDPR fine to reach the tens of millions in the UK was the one imposed on British Airways, which also remains the largest ICO penalty to date. The airline was fined £20m, a reduction from the initial intention to fine an amount of £183.4m that was originally proposed by the data protection regulator.

Start your GDPR compensation claim now

While Virgin Media has not been fined by the ICO for its exposure of people’s data, we believe this breach of the law can be accounted for in our data breach group action. In fact, where the ICO has not imposed a financial penalty, it is even more important that the data controller in question is held responsible through data breach claims.

If you were one of the 900,000 victims of the Virgin Media data breach, now is your chance to claim compensation for the harm caused. Sign up online today to start your No Win, No Fee claim.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.