Record data protection fines ahead of GDPR

news article

May 24 2018


There’s been a lot of talk about the impact of GDPR over the past few months, but it can still feel somewhat ill-defined.

With the ICO guidelines open to interpretation as to what “legitimate interest” is and what actually constitutes an “opt in”, it can be tempting to simply shrug the GDPR deadline off and wait for further instructions.

Recent analysis from the Information Commissioner’s Office shows that this simply isn’t an option, however, as data protection fines issued to UK businesses reached a record £4.2 million last year – and under the GDPR this number is only going to get higher.

An increase in action

Over the last 12 months, the Information Commissioner’s Office (ICO) issued 54 financial penalties to UK businesses for not adhering to the existing Data Protection Act (1998).

PricewaterhouseCoopers (PwC) reported that the number of actions (including penalties, prosecutions and enforcement notices) has steadily increased over the past 4 years. They report that 91 enforcement actions were taken for data breaches in the last year, with the 54 penalties issued totalling £4,207,500 – almost £1 million higher than the previous year.

There’s a risk of heavier fines due under GDPR

Currently, the ICO can only issue fines up to £500,000 and, over the last year, only 14 of the fines issued by the ICO reached more than £100,000.

Under the GDPR, similar breaches could now see businesses pay up to €20 million (£17.5 million) or 4% of their annual global turnover, if that proves to be higher.

This is easily enough to wipe out the average SME, and cause significant damage to even the most comfortable of enterprise-level businesses.

It’s worth pointing out that the ICO have gone on record saying that they aren’t prioritising fines under the GDPR. In their myth buster, they’ve said that the priority is “putting the consumer and citizen first”.

The ICO’s aim is to advise and educate businesses to help them stay compliant with data protection laws, so if you’re unsure of any of the points, get in touch with them. After all, failure to handle personal data responsibly will not only put your customers at risk but it will also serve to damage your business’s reputation.

Overview of the GDPR

The General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998 on 25 May 2018. As with the Data Protection Act, the GDPR applies to both data “controllers” and data “processors”.

If you’re a data controller, you say how and why personal data is processed, and if you’re a data processor then you act on the controller’s behalf.

The GDPR intends to give individuals more control over their personal data, and to ensure that businesses across the EU (including the UK, even after Brexit) handle personal data in the same way. Global businesses dealing with the EU are expected to follow the GDPR, and as a result a number of international businesses are adopting the GDPR into their own systems for the sake of simplicity.

For more information on the GDPR, you can view our resources here or the ICO website.

How are we preparing?

At Cascade, we’ve been preparing for the GDPR since June 2016.

Since then, our Group Data Protection Officer has led us through a huge internal project that has included risk assessments for each product and service we offer, and has seen us refine our internal processes to ensure we’re compliant at organisational, divisional and departmental level.

You can read the full details of this project here, but for an overview, we can guarantee that:

  • An outcome of our data protection review is the corporate framework necessary to demonstrate to customers and prospective customers that we manage personal data responsibly and within a culture of privacy.  
  • We will ensure we continue to manage personal data in compliance with data protection laws applicable to data processors by keeping our processing activities under review. 
  • We endeavour to make our products suitable for our customers to achieve data protection compliance so that our customers have what they need by the time the new laws come into force.
  • Any essential improvements we identify from our product gap analyses and risk assessments will be implemented within our products and services promptly.
  • We have in place a critical incident reporting procedure to ensure that any breaches, if they were to occur, are assessed and notified to customers without undue delay to allow customers to meet the reporting timescales in the new law.

If you require any further information on the IRIS Group’s activity regarding GDPR, please use the below links:


We’re here to point you in the right direction, but the information we provide is for general guidance purposes only. It isn’t intended to be legal advice, and shouldn’t be taken as such.


