The total value of fines imposed by the UK ICO (the data protection regulator in the UK) more than tripled in 2022 compared with the previous year.
Most notably, the ICO fined facial recognition database company Clearview AI Inc around £7.5 million in 2022 for various breaches of data protection law, including illegally collecting and storing people’s images from social media without their consent.
Whilst the ICO may have taken a more lenient approach when the new data protection regime first came into force in 2018 and again during the pandemic when businesses were under huge pressure, the figures should be a serious warning to businesses to make sure they prioritise compliance and take it seriously.
During the COVID-19 pandemic the ICO took a more forgiving approach to enforcement action. However, this recent sharp rise in the value of fines imposed suggests a change in attitude, signalling that the ICO now means business when it comes to cracking down on organisations that it perceives as not having taken adequate or appropriate measures to protect personal data.
Becky White, Senior Data Protection & Privacy Solicitor, comments:
Organisations should review their approach to data protection compliance and ensure that they have a fit-for-purpose privacy programme in place where possible, as this should help to mitigate the severity of any enforcement action (such as a fine or reprimand) the ICO ultimately decides to take. Organisations should also be aware that the ICO publishes details of enforcement action; therefore, being hit with a hefty fine isn’t the only risk to business; damage to reputation can have far worse financial repercussions and, in some instances, can be impossible to recover from.
The ICO’s actions have shown that it won’t hesitate to take serious action against businesses that fail to comply with the UK GDPR, and further considerable fines for non-compliance may well follow. It is therefore vital to make sure your business complies with data protection laws. Carrying out a Data Protection Health Check will help with creating a fit-for-purpose privacy programme that maximises the chances of avoiding a penalty and any ensuing reputational damage.
If you’d like advice on how to comply with the UK GDPR, get in touch with our data protection specialists today.