A Freedom of Information (FOI) request in the United Kingdom has uncovered the companies which were penalized for breaching the European Union’s General Data Protection Regulation (GDPR) during the time period from March 2020 to January 2021 in that jurisdiction.
The Information Commissioner’s Office (ICO) went into further detail in the response to the FOI request submitted by data management company Go Shred, revealing a total of four penalty notices were processed for UK firms since the start of the COVID-19 lockdown.
It went into further details and named Ticketmaster, Marriott and British Airways during the time the request referred to. In Addition to these enforcement actions, there was one additional GDPR penalty imposed on Doorstop Dispensaries during the lockdown. However, this was not included as it took place outside of the time period requested in the FOI submission from Go Shred.
Mike Cluskey, Managing Director at Go Shred issued a statement which said: “From accessing work-related emails on personal devices to correctly disposing of confidential print outs, remaining GDPR compliant when working from home can be tricky but it’s essential to avoid penalties and potential data breaches.”
“Our top tips to avoid any breaches would be to only use approved devices, conduct internal training with your staff to make sure they are aware of their responsibilities, take extra care with print outs and secure any paper documents which might contain sensitive information.”
So far, ICO has not made public the annual report for the number of complaints received in the whole of 2020. However, during the period from March 2019 to March 2020 the number of data protection complaints submitted grew by 15% from the previous 12 months with a total of 39,860 GDPR violation complaints filed. Personal data breaches registered and processed by the ICO grew by 3% to 12,789 in 2019/20 compared to 12,385 in 2018/192. The sectors accounting for the largest share of personal data breaches were health (19.66%), general business (17.16%) and education (14.11%).
Since GDPR became enforceable, the UK is in the top four countries in Europe in relation to the overall amount of GDPR fines applied. The only countries with a higher total amount of GDPR fines are Italy with £69,328,716, Germany with £69,085,000, and France with £54,436,300. The total fines in the UK were £44,221,003.
The Go Shred report comes following a recent survey that indicated 66% of homeworkers in the UK have printed work-related documents during the period that they have been forced to work from home, despite the danger of this being a breach of the GDPR. The survey indicated 20% of remote workers have printed confidential employee data such as payroll, addresses and medical information without proper permission.