The Information Commissioners Office (ICO) has fined companies a record number of times throughout 2020 and through 2021.
The ICO fines imposed over the past two years were 42 million.
The increase is due to news that British Airways was fined £ 20million after a major data breach in 2018.
Marriott Hotels was also fined $ 18.4 million last October.
The maximum fine the ICO can impose is £ 17.5 million, or 4% of a company’s total annual worldwide revenue, whichever is greater. At British Airways and Marriott, however, the total was far higher.
Commenting on the stats, Richard Breavington, Partner at RPC said, “The ICO will clearly impose blockbuster fines if it wants big companies to sit up and take notice. Overall, however, the ICO was very fair in terms of the fines it set.
“The total number of cyber breach fines has remained fairly constant despite a sharp increase in the number of actual cyber attacks. At the beginning of the GDPR regime, there were concerns that the ICO would use its fine powers to the full, but so far it only appears to be imposing as a last resort.
“The two heavy fines could have been higher, but the ICO appears to have taken into account and reduced the devastating effects of the coronavirus on the travel and hospitality sectors. However, companies shouldn’t become complacent. “
In addition to taking enforcement action against companies that fail to take reasonable steps to prevent data breaches, the regulator has also penalized companies that engage in harassing marketing tactics.
The research shows that the number of fines related to harassment and cold calling has quadrupled compared to the previous year. The ICO has also imposed fines on companies for sending “unsolicited marketing emails” and cold calling customers.
Breavington added, “As organized cyber gangs seem to be becoming more and more sophisticated, companies should plan on the basis that they will eventually break into their systems successfully.
“A measure of success will be how well your sensitive customer data is protected in the event of this breach. Will they be able to limit the amount of data taken from their system and how effectively will they respond to the breach if they discover it? “