A bleak warning to businesses – the UK data protection regulator tripled fines in 2022

A bleak warning to businesses – the UK data protection regulator tripled fines in 2022

The total value of fines imposed by the UK ICO (the data protection regulator in the UK) more than tripled in 2022, in contrast to the previous year’s fines.

Most notably, the ICO fined facial recognition database company Clearview AI Inc around £7.5 million in 2022 for breaching various data protection law rules, including illegally collecting and storing people’s images from social media without their consent.

Whilst the ICO may have taken a more lenient approach when the new data protection regime first came into force in 2018 and again during the pandemic when businesses were under huge pressure, the figures should be a serious warning to businesses to make sure they prioritise compliance and take it seriously.

During the COVID-19 pandemic the ICO took a more forgiving approach to enforcement action, however, this recent sharp rise in the value of fines imposed suggests a change in attitude signalling that the ICO now means business when it comes to cracking down on organisations that it perceives as not having taken adequate or appropriate measures to protect personal data. 

Becky White, Senior Data Protection & Privacy Solicitor comments:

Organisations should review their approach to data protection compliance and ensure that they have a fit for purpose privacy programme in place where possible, as this should help to mitigate the severity of any enforcement action (such as a fine or reprimand) the ICO ultimately decides to take. Organisations should also be aware that the ICO publishes details of enforcement action therefore being hit with a hefty fine isn’t the only risk to business; damage to reputation can have far worse financial repercussions and, in some instances, can be impossible to recover from.

The ICO’s actions have shown that it won’t hesitate to take serious action against businesses who fail to comply with the UK GDPR and further considerable fines for non-compliance may well follow. It is therefore vital to make sure your business complies with data protection laws. Carrying out a Data Protection Health Check will help with creating a fit for purpose privacy programme that maximises the chances of avoiding a penalty and any ensuing reputational damage.

If you’d like advice on how to comply with the UK GDPR get in touch with our data protection specialists today.

About our expert

Becky White

Becky White

Senior Data Protection & Privacy Solicitor
Becky is an experienced data protection and privacy lawyer who qualified in 2002. She supports clients with navigating data protection compliance and provides practical commercial advice related to privacy laws.  

Our offices

A national law firm

A national law firm

Our commercial lawyers are based in or close to major cities across the UK, providing expert legal advice to clients both locally and nationally.

We mainly work remotely, so we can work with you wherever you are. But we can arrange face-to-face meeting at our offices or a location of your choosing.

Head Office

Floor 5, Cavendish House, 39-41 Waterloo Street, Birmingham, B2 5PP
Regional Spaces

Stirling House, Cambridge Innovation Park, Denny End Road, Waterbeach, Cambridge, CB25 9QE
13th Floor, Piccadilly Plaza, Manchester, M1 4BT
10 Fitzroy Square, London, W1T 5HP
Harwell Innovation Centre, 173 Curie Avenue, Harwell, Oxfordshire, OX11 0QG
1st Floor, Dearing House, 1 Young St, Sheffield, S1 4UP
White Building Studios, 1-4 Cumberland Place, Southampton, SO15 2NP
A national law firm

To access legal support from just £145 per hour arrange your no-obligation initial consultation to discuss your business requirements.

Make an enquiry