PRESS RELEASE: Carphone Warehouse data breach fine could have hit £423m under GDPR

10 Jan 2018

Carphone Warehouse has been fined £400,000 by the Information Commissioner’s Office (ICO) after security failures allowed hackers to access the personal data of over 3m customers in 2015.

Collyer Bristow says that if this data breach had occurred after the General Data Protection Regulation (GDPR) is introduced in May 2018, the fine could have been as high as £423m. Under GDPR, the maximum fines for the most serious data breaches are set at either €20m or 4% of global turnover, whichever is higher.

Following the announcement today, Patrick Wheeler, Head of Intellectual Property and Data Protection at Collyer Bristow, comments:

“Serious data breaches under GDPR could result in fines that capsize a business.”

“While the emphasis is on encouraging compliance, we could be seeing the ICO rival the SEC and FCA for blockbuster fines for the most severe transgressions.”

“GDPR is fast approaching and businesses must be aware of how much they are risking if their data security and privacy procedures are not bulletproof.”