Currently, many data breaches neither result in fines nor get publicised. However, there is an expectation that companies will keep the data they hold in such a way that it is protected.
From 25 May 2018 a new EU regulation (General Data Protection Regulation – GDPR) will become law and bring significant financial fines for any breaches. GDPR will replace the outdated Data Protection Directive, which has many gaps in it as a result of the rapid advancement of technology since 1995.
It is currently uncertain whether GDPR will become law in the UK due to Brexit, but the expectation is that even if it’s not fully adopted by the UK, a version will be enacted in UK law. Regardless of how it is adopted in the UK, any business that transacts in Europe will have to abide by GDPR.
For more information, visit the Information Commissioner’s Office page “Overview of the GDPR”.