How large can GDPR fines get in UK?


When GDPR (General Data Protection Regulation) comes into force in 2018, businesses not adhering to cybersecurity best practices risk either €20 million in fines or four percent of their annual global turnover, whichever is bigger.

The media has been buzzing about this a lot lately, but how much is four percent really, at least among UK organizations? According to the PCI Security Standards Council, it could be up to £122 billion. Here's how PCI SSC came to that conclusion.

Last year, 90 percent of large organizations, and 74 percent of small and medium-sized enterprises, said they had suffered a security breach, costing them up to £1.4 billion in regulatory fines, PCI SSC estimates. The current maximum fine is set at £500,000.

If cybersecurity breaches stay at last year's levels, the fines paid to the European regulator could be 90 times higher, up to £122 billion. Large businesses alone could see fines of up to £70 billion, a 130-fold increase.

"The new EU legislation will be an absolute game-changer for both large organizations and SMEs", says Jeremy King, international director at PCI Security Standards Council.

"The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs. Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand".

Published under license from, a Future plc Publication. All rights reserved.


© 1998-2020 BetaNews, Inc. All Rights Reserved.