In fact, breaches of UK data protection laws during 2016 attracted 35 fines totalling £3,245,500, almost double the fines in 2015. With the General Data Protection Regulations (GDPR) coming into force in just a few months, UK businesses could face even bigger fines if they fail to ensure compliance.
The Commission investigated 39 cases involving existing members of the DMA. Of these, 69% related to data, privacy and quality. These cases often related to complex supply chains where insufficient due diligence meant the original consent or lack of consent had been overlooked, in breach of the DMA Code. The remaining complaints were split between contractual (21%) and customer service (10%) issues.
Over the course of the year, the Commissioners decided it was necessary to conduct a full formal investigation into two businesses, finding one in breach of the DMA Code. These cases highlighted the continued issue of offshore suppliers to provide call centre support or lead generation services.
George Kidd, Chief Commissioner of the DM Commission, said: “While the volume of complaints remains low the challenges with data and consents across lengthy value-chains are a cause for concern. Here, as with other issues, we seek to balance our responsibility for dealing with the behaviours with individual businesses with the need to look at where and why there is an issue, and to work with the DMA on policy responses across the board, and not just the individual complaint and member company.”