Talk Talk data breach fine a taste of things to come?
This article was produced by Nabarro LLP, which joined CMS on 1 May 2017.
Talk Talk has been fined £400,000 by the Information Commissioner’s Office (ICO) following the cyber attack in October 2015 which resulted in 157,000 customer records being compromised. Whilst it is the largest monetary penalty notice levied by the ICO to date, Talk Talk is perhaps fortunate that the incident took place before the implementation of the General Data Protection Regulation (GDPR) which will give the data protection authorities the ability to render fines of up to 4% of a business’s global turnover.
The potential imposition of a hefty penalty for a data protection breach is in part a response to the growing threat of data breaches resulting from cyber attacks and should encourage all organisations which control or process data relating to individuals (be they customers or employees) to ensure that they take adequate steps to safeguard the security of that data. As the Information Commissioner, Elizabeth Denham, stated, the fine “acts as a warning to others that cyber security is not an IT issue, it is a boardroom issue”.
Whilst the GDPR sets a limit on the fines which can be levied following a breach, the level of fine actually implemented will depend on the circumstances giving rise to the incident and the steps which the victim of the attack took to minimise the risk of a cyber attack, including the approach to employee training and awareness, the policies and procedures in place and, of course, the level of IT security. However, there is no doubt that fines will increase, and it is generally accepted that whilst the GDPR may not have direct effect in the UK following departure from the EU, the UK’s data protection legislation will be largely aligned with the provisions set out in the GDPR.
All organisations can take steps to minimise the risk of a cyber attack, which will not only minimise the likelihood of a significant fine but also the risk of reputational damage and other negative impacts of a data security breach. Guidance is widely available, including the Government’s Ten Steps to Cyber Security publication.
If you would like additional guidance on your cyber security strategy please let us know. We will be happy to help.