With all eyes on the new GDPR that has hit companies who either control or process EU citizens’ data, and compliance being at the forefront of discussion, it has emerged that the signs for UK-based companies aren’t good if the ICO’s report for last year on breaches and penalties is anything to go by.

It has come to light that the ICO dealt out 54 financial penalties for breaching pre-GDPR data protection laws, amounting to £4.2 million.

This is up by £1 million from the previous year and is a new record that no one will be proud of.

14 of the 54 financial penalties dished out didn’t exceed £100,000, but this will obviously be a thing of the past under GDPR where the fines will be considerably higher.

These findings paint a worrying picture, with the biggest changes in data protection laws for over 20 years now coming into force while the current trend in the UK has seen financial penalties rise consistently over the past two years, and by almost double since 2012.

Research by PwC suggests that the number of actions taken by the ICO, which includes financial penalties, prosecutions, and enforcement notices, has increased year on year for four years now.

When the entirety of the report is taken into account, the biggest takeaway from it all is that many organisations in the UK simply are not prepared for the GDPR.

Experts predict that over the next 2 years we can expect to see a significant rise in both the number of enforcement actions as well as the total monetary value of the fines issued.

We’ve seen the likes of Google hit by a fine that ran into the billions of Euros recently, so we know that European regulators aren’t afraid to flex their muscles and implement the laws, even when it comes to the biggest, most influential companies on the planet.

With many companies reportedly not fully compliant with GDPR as it stands, despite having considerable time to prepare, the next few years are looking as though they’re going to be very interesting, and perhaps costly, for a lot of data firms.