As of the date this article was written, businesses throughout Europe have only 555 days left to reorganise their data management to be compliant with the GDPR. Tesco Plc, however, may breathe a sigh of relief that the GDPR was not implemented immediately. Under the new regulations, which come into force on 25th May 2018, their recent data breach may have cost them just under £2bn.
Tesco Bank, a subsidiary of Tesco Plc, reported a data breach over the weekend of 5th and 6th November. The breach led the bank to cease all online transactions, an inconvenience for many of its customers. Although it refunded £2.5 million to its customers, had the GDPR been in effect, that figure would be vastly overshadowed by the potential fines it could have faced.
The GDPR stipulates that the parent company is responsible for any of its subsidiaries, meaning the fine would land on the doorstep of the Tesco Plc HQ in Hertfordshire. It would not stop there either: the parent company would also face a fine of up to £20 million or 4% of global turnover.
Tesco Plc generates an annual revenue that borders on the £50bn mark, meaning it could have faced a potential £1.94bn fine if regulators used their power to its full extent.
This serves as a warning to many businesses, and their subsidiaries, that generate revenues of £500 million or above: they would be fined 4% of revenue rather than the £20 million cap. Data protection is more important than ever in a digital age, and businesses need to start putting the proper protocols in place to comply.
Breached organisations can face fines of up to €20m or 4% of annual global turnover.