Businesses in the UK have collectively been fined over £15.5m for breaching GDPR data protection laws in the 2023-2024 period.
Hayes Connor, a UK data breach solicitor, has conducted an analysis of recent GDPR breaches. Monetary penalties were imposed in cases following investigations by the Information Commissioner's Office (ICO), after 241.5m data records were exposed or wrongly used. There were 32,678 complaints made to the ICO in the 2023-24 period.
The total fines amounted to £15,537,500. Main cases, according to ICO data:
-Manchester: Four businesses fined a total of £225,000 for unauthorised marketing communications
-London: 12 organisations, including the Ministry of Defence, fined a combined £14,282,500 for various breaches, including improper email practices and unsolicited marketing calls
-Lancaster: Companies fined a total of £250,000 for unsolicited calls.
-Cardiff: Businesses fined £325,000 for nuisance marketing communications
-Bournemouth: Firms fined £170,000 for direct marketing violations
-Berkshire: One business fined £65,000 for sending unsolicited SMS messages
Richard Forrest, legal director at Hayes Connor, said: "High fines deter businesses from neglecting their data protection obligations. The ICO's actions demonstrate that non-compliance can lead to substantial financial consequences, encouraging other businesses to prioritise data security.”
Companies are legally required to protect personal data under the Data Protection Act 2018.
“Beyond fines, businesses might face lawsuits from affected individuals, leading to further financial liabilities and legal expenses,” said Forrest.