GDPR – Keynote Highlights from Manchester IP XPO

  • May 1, 2018

"GDPR - Why you will not be fined" by Dai Davis

Cybergig was in attendance at the Manchester IP XPO last week and we saw some very interesting keynote speeches.

One that caught my attention was "GDPR - Why you will not be fined" by Dai Davis who is a specialist in Information Technology Law

In summary, he went on to explain that the chances of any organisation being fined by the ICO were 400 to 1.  And that it will be the Medium sized organisations who will bear the brunt of any fines.

Dai explained that recently the ICO had lost most of its staff to consultancy or legal companies and that internally they were struggling to upskill their own staff and make sense of GDPR.

Furthermore, he mentioned that a large non-disclosed ( he did name the company but I shall refrain) organisation was taken to court by the ICO, but the organisation had the means to fight back which resulted in a £7m+ payout by the ICO to the company which equated to twice the annual budget of the ICO at the time, therefore the ICO is wary to take on large organisations.

Additionally, it should be noted that the 4% financial penalty of turnover is only one part of a tiered penalty system.  An organisation with less than £500,000 turnover very unlikely to receive a fine because it is impossible for companies of this size to meet GDPR in full.

Indeed, as an Infomation Security Lawer, he felt it was impossible for the ICO or any other organisation to be fully compliant with GDPR.

It was noted that the UK has over 3 million companies and it is known that in this year's Cyber Breach Survey 2018, 43% of companies were breached in 2018.  So can the ICO handle the best part of 1.4 million companies reporting breaches and then investigating that - no.

The ICO has 450 staff.  In the majority of cases, it will not be able to come into your business and investigate, but they will be able to look at your website, its privacy policy and your forms to see if they conform to GDPR., anyone who doesn't comply may warrant further investigation.

It is also understood that the Government have asked the ICO to ensure that Data Portability is something that they target.  An example used was that of smart meter data.  Companies who know your routines and patterns can gain an unfair advantage in creating specialist tariffs for you, therefore it is important that the data held on you can be sent to everyone when you are comparing quotes.

Finally, it was concluded that the average fine for a medium-sized company would be circa £30,000 and therefore he advised that companies spend no more than £50,000 implementing GDPR.  He stated that in his own experience reputational damage from GDPR will be minimal, and sited that every bank in the UK has already been breached this year and that it is accepted by consumers to some extent.


‍‍‍‍‍Did you know that we are also a Crown Commercial Supplier?‍‍‍‍‍‍

Free Workforce Report

Our bespoke innovative technologies can provide you a free report detailing the following information for any project, initiative or recruitment need you may have.

These reports only use “live data” and are the most accurate reflection of the workforce in the geographical area you need at given time. Just stipulate, the skills or experience you need, or job title of the job you require and we can provide you with:

How many people live within 35 miles of your location with the skills, experience or job title that you are seeking

  • How many of that total are actively looking for work
  • How many of them are contractors, permanent staff etc
  • How many active CVs are available with the skills and experiences you need

By submitting this form you agree to our privacy policy.