437 days since GDPR legislation came into effect and the business landscape at ground level seems arguably unchanged. Sales teams across the world still call and email uninvited, protected by a myriad of legal precedent that they can legitimately (albeit loosely) claim their communications and their reason for contacting you correspond to.

US based credit scoring giant Equifax and British airways are facing fines and potential losses in revenue for their neglect and subsequent leaking of customer data, with British Airways being fined 183 million pounds, the highest GDPR fine to date, and the total cost of the Equifax data breach in fines and legal action expected to amount to around 700 million dollars.

Research conducted by Ipsos MORI shows that 41% of consumers have an elevated level of trust in businesses since the introduction of GDPR (Ipsos MORI, 2019) – much lower than we might expect from the biggest change to data processing and privacy law in 21 years. As fines continue to be issued by the ICO in the UK, we can expect to see this increase with the public and high-profile enforcement of the legislation making it clear to consumers and businesses alike that breaches in security cannot be tolerated.

It is clear that the GDPR is here to stay, as are fines for those companies neglecting the data they store. These fines can only continue to increase, as under the GDPR regulation the maximum potential fine for a breach is 20 million Euros or 4% of the company’s annual turnover, whichever is higher. The British Airways fine equates to 1.5% of their 2017 turnover and is the highest fine to date, so fines can, and will increase for more severe or indefensible violations of the legislation.

The 2019 DCMS Cyber Security Breaches Survey (Cyber Security Breaches Survey 2019, 2019) reports that only 30% of UK businesses had made any sort of change to their businesses due to GDPR, and of that 30%, only a staggering 15% of those businesses had given their staff any GDPR training.

If your employees are unaware of what the GDPR requires of them, this needs to change. GDPR and the security of data processed or accessed within your organisation is the responsibility of every member of your workforce, and one minor indiscretion could prove catastrophic to the running of your business.


Ipsos MORI. (2019). GDPR One Year On. [online] Available at: https://www.ipsos.com/ipsos-mori/en-uk/gdpr-one-year [Accessed 7 Aug. 2019].

Cyber Security Breaches Survey 2019. (2019). [ebook] Department for Digital, Culture, Media & Sport. Available at: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/813599/Cyber_Security_Breaches_Survey_2019_-_Main_Report.pdf [Accessed 7 Aug. 2019].