Thought of the Day: What would a £400,000 fine be under the GDPR?

by GDPR Associates | 17th January 2018 11:38 am

Carphone Warehouse has been fined £400,000 following a cyber attack in 2015. Hackers were able to access the personal data of over three million customers and one thousand employees. Currently, the maximum fine the Information Commissioner’s Office (ICO) can impose is £500,000. By this standard, a £400,000 fine is really big. In fact, it is one of the largest fines in the ICO’s history.

However, after the GDPR comes into force, the maximum fine will become €20 million or 4% of annual global turnover. A £400,000 fine seems quite paltry compared to the new maximum fines. Perhaps Carphone Warehouse has had a lucky shave financially… and I hope they will be first in line to ensure top-notch cybersecurity to avoid any fines in future. We can certainly expect any breaches of a similar scale to receive a significantly bigger fine after the May enforcement date.
