Loss of customers, substantial costs and a damaged reputation: find out why privacy compliance should be top of your priority list

Mention data privacy compliance at a real or virtual party and you’ll likely spot more than one set of rolled eyes. But with organisations collecting more data from individuals than they ever have before and changing regulation to consider, it’s vital that privacy is prioritised. Those who get it wrong can face large fines, suffer from a damaged reputation and spend huge amounts of time and money trying to put it right.

By Nigel Jones

Co-Founder of The Privacy Compliance Hub

January 2021

Almost half of UK businesses say they’ve experienced cyber security issues in the past year

Government figures show 46% of businesses have dealt with cyber security breaches or attacks in the past 12 months. And a third (32%) of those said they experienced issues at least once a week in 2020. 

Breaches can lead to substantial costs

Of those businesses that have experienced breaches or attacks, one in five (19%) have lost money or data as a consequence, and two in five (39%) were negatively impacted in other ways. The average cost to address breaches was £3,230 overall and £5,220 for medium and large firms. 

Covid-19 has led to more cyber crime

The National Cyber Security Centre estimates it has dealt with 10% more incidents in the year to 31 August 2020. Experts say the increase in employees working from home has created more chances for attackers to find and exploit vulnerabilities. 

Almost all security breaches are down to human error

According to data from the ICO, 90% of UK data breaches in 2019 were down to human error, an increase on the previous two years. But almost a quarter of UK organisations (22%) do not provide their employees with regular training. 

Unauthorised disclosure is one of the most common privacy complaints made to regulators

That can be as simple as not using bcc when sending emails to long lists of recipients, but it also covers weak identity-verification procedures. 1 & 1 Telecom GmbH was fined €9,500,000 (later reduced to €900,000 on appeal) for requiring only a name and date of birth to gain access to customer information, for example; and an NHS Trust was fined £180,000 after a sexual health centre mistakenly disclosed the details of nearly 800 patients by not using the bcc function.

High price to pay for ignoring unsubscribe requests

Just Eat and Vodafone were fined for continuing to send marketing emails after users had unsubscribed and ClickQuickNow paid out £40,000 because its withdrawal of consent mechanism was deemed too complicated. 


Fined £275,000 for not locking the filing cabinet

One of the most common data breaches is due to the loss or theft of paper containing personal information. In the UK, the ICO fined a London pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd left 500,000 documents in unlocked containers at the back of its premises, including the names, addresses, dates of birth, NHS numbers and medical information of multiple people. And in Ireland, Cork University Maternity Hospital was fined €65,000 after personal data of 78 patients was discovered in a public recycling facility. 

Overall, the fines issued under GDPR exceed €220 million

Notable violations in 2020 include British Airways, which was put on notice of a fine of £183.39m for a breach that led to the personal data of more than 400,000 customers being stolen by hackers (later reduced to £20m, due partly to the Covid-19 pandemic); Marriott International, which was fined £18.4m in relation to a 2018 cyber attack in which more than 339 million guest records were exposed (and which suffered another breach in 2020 affecting 5.2 million customers); and Google, which picked up a €50m fine in France for a lack of transparency around how personal data was collected and used for targeted advertising.

A third of UK organisations lose customers after a data breach

The impact of a breach on an organisation’s reputation and bottom line can be immense – 33% of businesses say they’ve lost customers. Consumer research has also found 41% say they’ll never return to a business after a security issue and 44% say they’ll stop spending at least temporarily. 


Most people have lost faith in data privacy

Research has found that 92% of people feel uncomfortable about the number of companies that collect data about them, and 90% are shocked by the number of companies that have access to their data. Being able to demonstrate good practice in this area will boost the confidence of your customers.

A culture of continuous privacy compliance

At the Privacy Compliance Hub, we make compliance easy for everyone to understand, care about and commit to. We call it a culture of continuous privacy compliance. Our platform, created by two ex-Google lawyers, provides a structured programme to follow, with training and reporting tools, giving you the confidence you’re keeping your customers, investors and the regulators happy.
