New EU Legislation Means Astronomical Data Breach Fines For UK Firms

The Payment Card Industry Security Standards Council (PCI SSC) has warned that new EU legislation, which will come into effect in 2018, means that UK businesses could face a monumental £122 billion in data breach fines. Firms are being urged to act now to tighten up cyber security to avoid falling victim to the exponential fines.

So, what is this new regulation? Well, at present the maximum fine for a data breach is £500,000. However, under the European Union’s General Data Protection Regulation (GDPR), groups of companies will face data breach fines of either four per cent of yearly worldwide turnover or 20 million euros, whichever is higher. This means that firms could face 40 times the amount in fines compared to what they face at present, if not more.

This means that regulatory fines for small companies could multiply by 57, meaning the average cost to an SME would be £13,000. For large businesses, this rises to a monumental £11 million per organisation. And remember: this is only a fraction of the expense that you will face. You then have the cost of identifying and rectifying the security vulnerability, setting up customer assistance, compensation costs, revenue loss, business disruption, and the expense of rebuilding your reputation, which is notoriously difficult after a security breach.

With that in mind, the PCI SSC is urging businesses and organisations to act now before it is too late. They are encouraging firms to develop and enhance their data security standards. The international director of the PCI SSC, Jeremy King, has stated that the new legislation is a game changer for all companies, big and small.

You only need to look at the statistics to see that the vast majority of firms do not have adequate security measures in place and therefore need to make urgent changes. In fact, the 2015 Information Security Breaches Survey, conducted by PwC for the government, revealed that 74 per cent of SMEs and 90 per cent of big corporations reported a data breach last year, which resulted in £1.4 billion in regulatory fines. Contrast this sum with the £122 billion anticipated for 2018, and it is not difficult to see how this could spell the end for any business that falls victim.

Recent data breaches have only highlighted this problem further. Take the TalkTalk breach as a prime example. The breach, which exposed the personal details of more than 150,000 customers, occurred because the telecoms provider had not applied even the most basic cyber security measures, according to Elizabeth Denham, the Information Commissioner at the ICO. They were hit with a record £400,000 fine from the Information Commissioner’s Office alone, and their profits are reported to have halved after the cyber attack, which cost the company £42 million in total.

To ensure your business has effective data protection measures in place, and is thus safeguarded from the new EU data breach fines, contact Retail Secure. Our solution dramatically minimises the chance of a data breach while helping firms to achieve PCI compliance, and it does this without costing you a fortune in the process. You can email us at, or give us a call on 0333 320 8848.