The number of fines imposed for breaches of data protection legislation, the GDPR and PECR continues to rise. The main driver being the data controller/processor failing to implement sufficient technical and organisational measures to ensure information security.
In basic terms this means the management leadership team within the organisation receiving the fine failed to have robust policies and procedures in place or that they failed to ensure they were adhered to.
The fines imposed are usually substantial.
Recent fines include:
| Fine | Organisation | Reason |
| £120,000 | Allay Claims Ltd | Insufficient technical and organisational measures to ensure information security |
| £105,000 | ZMLUK Ltd | Insufficient technical and organisational measures to ensure information security |
| £1,400,000 | LastPass UK Ltd | Insufficient technical and organisational measures to ensure information security |
| £6,880,000 | CAPITA PENSION SOLUTIONS LIMITED | Insufficient technical and organisational measures to ensure information security |
| £9,180,000 | CAPITA PLC | Insufficient technical and organisational measures to ensure information security |
| £230 | Unidentified Individual Police Officer | Insufficient legal basis for data processing |
| £20,725 | Birthlink | Insufficient technical and organisational measures to ensure information security |
| £2,700,000 | 23andMe, Inc. | Insufficient technical and organisational measures to ensure information security |
| £70,300 | DPP Law Ltd. | Insufficient technical and organisational measures to ensure information security |
| £3,500,000 | Advanced Computer Software Group Ltd | Insufficient technical and organisational measures to ensure information security |
| £904,000 | Police Service of Northern Ireland | Insufficient technical and organisational measures to ensure information security |
| £8,700 | Central Young Men’s Christian Association | Insufficient technical and organisational measures to ensure information security |
Concrew Training’s courses on data protection are designed to help those attending understand the legislation and take action to reduce the risk of breaches and fines.
They are very affordable, especially when compared to the fines for breaches.