The Information Commissioner’s Office has fined 111 organisations a total of £10.1m for breaking the rules on spam and data protection since it gained new powers in August 2015, with an increase of 69% during 2017 alone, from £2.9m to £6m.
While Information Commissioner Elizabeth Denham has played down potential fines under GDPR, the 2017 figures show the noose is already tightening on those who flout the law.
According to an analysis carried out by The SMS Works, nearly half of all fines issued between August 2015 and December 2017 were for unlawful marketing calls under the Privacy & Electronic Communications Regulations (PECR). Some 33 separate penalties were handed out to companies, accounting for 46% (£4,017,000) of all fines.
The largest ever fine of £400,000 was issued in May 2017 to Keurboom Communications, which had made 95 million calls to people at home.
The average fine handed out to companies caught SMS spamming was a substantial £108,000. But email spammers seem to be getting off relatively lightly. The average fine for email spam was just £40,000.
Furthermore, since August 2015, just seven fines have been issued for email spam, compared to 23 for SMS spam. The total amount of email spam fines was just £241,250, with SMS spam fines coming in at £1,539,500.
In a warning to those firms which are still dawdling in their GDPR preparations, the highest number of fines was given to companies that failed to adequately protect the consumer data that they held. This will be a key tenet of the new regulation.
Some 41 organisations have been caught breaking the rules on data security, accounting for 34% (£2,996,501) of all fines.
Telecoms giants in particular have been found to have inadequate data security systems in place. As well as the recently reported £400,000 fine handed to Carphone Warehouse, TalkTalk Telecom was also found to have left itself wide open to a cyber attack.
In October 2016, it was slapped with a £400,000 fine for security failings that allowed cyber criminals to download the personal details of 155,959 customers and the bank details of 15,656.
Financial services firms were on the receiving end of 23% of all fines, which is more than double the number of the second most fined sector. Charities were surprisingly second in the hall of shame, attracting 10.5% of fines.
The SMS Works director Henry Cazalet said: “Companies which persist in blighting our lives with endless spam or weak data security will find themselves backed into a corner. It’s up to companies, large and small, to ensure that all their outbound marketing complies with the rules. Breaches are likely to end up with a day in court and a hefty fine.
“All this might mean we’re about to enter a spam-free age, where our personal data is secure and our junk folders empty. That’s something we could all look forward to.”