• Startups
  • August 03, 2018

How is the ICO Handling GDPR Data Breaches?

By Lawbite Team

Talk to a Lawyer Free Legal Help
The Dixons data breach
 In June this year, it was announced that Dixons Carphone (owners of Currys, PC World, Carphone Warehouse and Dixons) had suffered a data breach affecting 1.2 million individuals when their processing systems were infiltrated by hackers. The breach occurred in July of last year, (so pre GDPR) and involved the leak of personal information including names, addresses and email addresses. Information on 5.9 million payment cards was breached (105,000 of those cards didn’t have chip and pin protection), although there appears to have been no bank fraud committed. The bigger concern is around the leak of personal data, which can help hackers gain insights into individuals’ personal details, habits and patterns. This has been in the headlines ever since the massive wake-up call prompted by the recent Facebook and Cambridge Analytica story. It has now been announced that rather than 1.2 million individuals being affected, that number is far higher and closer to 10 million people Luckily for Dixons Carphone, the breach occurred before GDPR came into force, and so it is unlikely to be dealt with under the new legislation but it highlights that even very large companies have some way to go to ensure full GDPR compliance. The company is likely to be fined anything up to £500,000 if they are found to be at fault. If this had happened within the past couple of months, the company could have been fined up to 4% of its annual turnover, potentially a far larger amount. The Information Commissioner’s Office in the UK (the ICO) is working with the National Cyber Security Centre, the Financial Conduct Authority and other authorities to investigate the breach and work out the impact it has had on customers. This is not a matter that is being taken lightly. 

How might this impact my business?
 We warned about the increased scrutiny with which the ICO would be approaching all UK businesses – big or small in our previous GDPR blog post,  This is just another example of potential GDPR cases coming into the limelight, although we’re seeing cases at the moment involving the ‘big fish’ of the UK business world, it’s only a matter of time before the ICO goes fishing in smaller ponds. Businesses are starting to prepare for the worst with professional business legal advice proving essential. The number of firms self-reporting data breaches to the ICO has dramatically increased from 367 in April to 1,792 in June. And, in a recent survey, 45% of firms have set aside money in anticipation of receiving a GDPR fine. GDPR is not something that any business can afford to ignore. 
How LawBite can help
 The ICO is still at the stage, following the GDPR deadline, where they are likely to show some leniency in circumstances where businesses can show that they're taking clear steps towards getting in line with the new regulations. My colleague, LawBrief lawyer Alla Fairbrother, wrote recently about some key actions you can take now to start becoming compliant.       At LawBite we believe that, all in all, becoming GDPR compliant can be of an overall benefit to your business and is best achieved through professional business legal advice. Clear and secure practice in data protection is something that’s in the interest of all businesses as well as that of their clients and customers. We have a range of GDPR product packages which will help you address your data protection risks. Along with our other helpful content we have also designed a quick and easy to use GDPR Checklist which will assess your current data protection position and following that you will receive a FREE consultation with an expert business lawyer. LawBite is here to help, and to make sure you are fully compliant with your responsibilities under GDPR. Don’t delay, take action now! To consult with the LawBrief lawyer Barbara, please submit an enquiry for a free 15-minute consultation or call the dedicated GDPR Hotline 0845 241 1843 
Journey further… How LawBite works GDPR Products and Services LawBite GDPR Rescue Package

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • July 27, 2021
Data Protection - European Commission adopts adequacy decisions for the UK

On 28 June 2021, the Commission adopted two adequacy decisions in relation to the United Kingdom, under the General Data Protection Regulation (GDP...

blog image
  • By Lawbite Team
  • July 27, 2021
Setting up a Limited Company UK: a guide for businesses

As a business owner, you may want to learn about the business legal structure known as a limited company. A limited company has a separate legal id...

blog image
  • By Lawbite Team
  • May 26, 2021
Your Post-Brexit GDPR Refresher

This month the General Data Protection Regulations (GDPR) celebrates its second birthday. Thinking back to the months preceding May 2018 you are li...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan