The number of firms fined for breaching data protection laws almost doubled in 2016, but new rules launching in May 2018 could see penalties for infringement soar.
The research, published by PwC, said 35 businesses were fined, compared to 18 in 2015, amounting to £3.2 million in total.
It added that a further 23 enforcement notices (forewarnings that require an organisation to improve compliance) were issued. PwC says this is a 155 per cent year-on-year increase.
However, new rules coming into effect next May could see fines soar to more than 20 million euros (£17.4 million).
The General Data Protection Regulation, or GDPR, will “protect EU citizens’ data privacy” and “reshape the way organisations across the region approach data privacy”.
It means firms will face much tougher obligations and harsher penalties if they fail to comply.
Under GDPR, the Information Commissioner’s Office (ICO) can issue fines of up to four per cent of global turnover, or 20 million euros, whichever is higher.
By comparison, the ICO has the power to charge just £500,000 at present.
Stewart Room, an expert in global cybersecurity and data protection at PwC, said: “UK organisations must use the remaining time to prepare for GDPR compliance before May next year.”