
UK businesses’ data protection breach fines on the rise

5th September 2017 by Hannah Gorton in Virtual College. Last updated on 24th April 2018.


According to figures from the Information Commissioner’s Office (ICO), fines for data protection breaches have almost doubled since 2015, from £2m to £3.2m.

These fines could be set to rise as, from 25th May 2018, the EU’s General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) in the UK. Failure to comply with this new framework can result in fines of up to €20m or 4% of global turnover, exceeding the current maximum of £500,000.

Just how common are data security breaches?

A 2017 Cyber Security Breaches survey conducted by the Department for Culture Media & Sport found that virtually all the UK businesses they spoke to were exposed to cyber security risks, with 38% of micro firms, 52% of small firms and 66% of medium firms identifying at least one cyber security breach in the last 12 months.

In support of this, PwC found that:

  • 74% of small and medium-sized enterprises (SMEs) had a security breach, with the average cost of the breach totalling between £75k and £311k.
  • 38% of SMEs suffered from external attacks, with a distinct increase in malicious software being used, and 16% were hit by DoS attacks.
  • 31% of SMEs suffered staff-related security breaches and half of all organisations attributed the cause to inadvertent human error, reinforcing the point that modern workers, in a business of any size, must be trained in data protection.

The impact of breaches in data protection

As well as the considerable regulatory fines, the Cisco 2017 Annual Cybersecurity Report states that the functions most likely to be affected by a data protection breach are:

  • Operations
  • Brand reputation
  • Customer retention
  • Partner relationships
  • Supplier relationships

Jeremy King, international director at PCI SSC, has stated: “Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cyber security threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”


Author: Hannah Gorton

Hannah is a content writer for the marketing team at Virtual College. She has a degree in English literature and writes articles and blog posts for a range of topics within the learning industry. In her spare time she enjoys reading, knitting and gaming.
