UK Companies Fined £42 million for Data Breaches


The Information Commissioner’s Office (ICO) issued £42.4 million of fines for data misuse in 2020.

Since the Data Protection Act was updated to include the General Data Protection Regulation (GDPR), organisations are under more pressure than ever to look after our personal data.

But these figures reveal that some organisations still have a way to go in strengthening their data protection.

How Large Are Data Breach Fines?

In the UK, companies who breach UK GDPR and/or the Data Protection Act can be fined up to £17.5 million or 4% of the company’s annual global turnover - with the ICO choosing whichever value is higher as the final sum.

But the ICO won’t always choose to issue a penalty fine. They might instead issue:

  • A warning
  • A temporary or permanent ban on data processing
  • An order to rectify, restrict or delete data
  • A data transfer suspension

One of the largest culprits in 2020 was British Airways. They were issued fines of £20 million. The ICO also handed out large fines to:

  • Marriott International Inc – £18.4 million
  • Ticketmaster LTD – £1.25 million
  • DSG Retail Ltd – £500,000
  • CRDNN Limited – £500,000
  • Cathay Pacific – £500,000

All of these organisations were found to have breached either the Privacy and Electronic Communications Regulations (PECR) or the Data Protection Act, which used to include a maximum fine of £500,000. But under GDPR, the ICO now have the power to impose much larger fines.

PECR gives people privacy rights when it comes to electronic communications, such as marketing calls, emails and texts.

Scottish company CRDNN Limited were investigated by the ICO back in 2018 after they received more than 3,000 complaints about nuisance calls. After seizing their computer equipment and documents, the ICO found that the firm were making 1.6 million automated cold calls a day to customers.

What are the Main Causes of Data Breaches?

There are a few different ways in which organisations can face a data breach. According to Verizon’s 2020 Data Breach Investigations Report:

  • 45% of data breaches are caused by criminal hacking
  • 22% are caused by human error
  • 22% are because of social engineering such as phishing and pretexting
  • 17% are the result of cybercriminals using malware
  • 8% are due to unauthorised users accessing information they’re not entitled to
  • 6% are caused by physical actions such as paperwork or laptops being stolen

Despite this, it still remains the responsibility of the company to protect any personal data it collects. If they don’t, you could have a compensation claim.

You Could Claim Data Breach Compensation

If you find out your personal data’s been breached or leaked, you could make a claim against the company or organisation who suffered the breach. They have a responsibility to keep your personal data safe under data protection laws. If they’ve breached this duty of care and it’s put your personal information at risk, you could make a claim for Data Breach Compensation.

Our Data Breach Solicitors have helped people make claims against public and private businesses, as well as local authorities and financial institutions. Get in touch with our expert Data Breach Compensation Specialists today for a free case assessment. We’ll tell you if you’ve got grounds for a claim if we can deal with it on a No Win, No Fee basis.

Contact our Data Breach Solicitors For a Free Case Assessment

We're happy to help

Monday to Friday 8:30am-7:00pm

0808 239 9426

0808 239 9426

We're happy to call you

Simply click below to arrange the assessment

Request a Free Case Assessment

Contact us for a Free Data Breach Case Assessment

Enter the organisation who has exposed your data

This data will only be used by Simpson Millar in accordance with our Privacy Policy for processing your query and for no other purpose

Simpson Millar Solicitors are a national law firm with over 500 staff and offices in Billingham, Bristol, Cardiff, Catterick, Lancaster, Leeds, Liverpool, London and Manchester.