Amount of Lockdown GDPR Fines Sanctioned in UK made Public

In the UK a Freedom of Information (FOI) request has uncovered information which reveals that the companies in the UK which were penalized for violating the European Union’s General Data Protection Regulation (GDPR) during the time period from March 2020 to January 2021.

The request was submitted by data management company Go Shred and discovered that just four penalty notices were processed for UK companies since the beginning of the COVID-19 lockdown.

In the response provided by the Information Commissioner’s Office (ICO) it was revealed that the only sanctions imposed were against Ticketmaster, Marriott and British Airways. There was one additional GDPR penalty impose on Doorstop Dispensaries which was not included as it occurred outside of the time period requested in the FOI submission.

 the ICO is yet to release the annual report for the number of complaints received in the whole of 2020, taking a look at data

During the period from March 2019 to March 2020 the number of data protection complaints submitted grew by 15% on the previous 12 months to 39,860. The amount of personal data breaches registered and processed by the ICO grewby 3% to 12,789 in 2019/20 compared to 12,385 in 2018/192. The sectors accounting for the largest share of personal data breaches were health (19.66%), general business (17.16%) and education (14.11%).

Reviewing the breaches and financial penalties  handed out since GDPR was introduced shows that the UK is in the top four countries in Europe in relation to the overall amount of GDPR fines sanctioned. The only countries with more are Italy with £69,328,716, Germany with £69,085,000, France with £54,436,300 and the UK accounts for £44,221,0003.

The Go Shred report follows a recent survey that showed 66% of homeworkers in the UK have printed work-related documents since they began working from home despite the fact that there is a great possibility that this action would represent a breach of GDPR. Additionally the survey showed that one fifth of remote workers have printed confidential employee information including payroll, addresses and medical information without adequate authorization.

Mike Cluskey, Managing Director at Go Shred released a statement which said: “From accessing work-related emails on personal devices to correctly disposing of confidential print outs, remaining GDPR compliant when working from home can be tricky but it’s essential to avoid penalties and potential data breaches.

“Our top tips to avoid any breaches would be to only use approved devices, conduct internal training with your staff to make sure they are aware of their responsibilities, take extra care with print outs and secure any paper documents which might contain sensitive information.”