As cyber-attacks continue on an upward trend, so does the need for real and robust data protection.
This is underlined by the Payment Card Industry Security Standards Council’s (PCI SSC) recent statement warning that far heavier penalties for data breaches are to be enforced under the new EU data protection regulation. The size of the potential penalties alone should be enough to make any organisation take data breaches seriously.
The figures are staggering.
It is reported that UK companies could face up to £122 billion in fines if they violate the new data protection principles.
New EU Regulation
The PCI SSC’s warning follows recent data breaches involving large corporations such as Yahoo and TalkTalk, which exposed the personal details of millions of their customers after they allegedly failed to defend adequately against attacks. The warning comes as no surprise: we are in an era of rapid technological advances, and the consequences are devastating when digital data is not adequately protected.
The new penalties come into effect in two years’ time through the new EU legislation. Consumer protection is clearly at the forefront of the EU’s aims, as reflected in the new legislation, and is a welcome step toward protecting people’s right to privacy.
UK Government study
The UK government found that a shocking 90% of large organisations and 74% of small to medium enterprises admitted to suffering security breaches. That is a figure that calls for immediate action and for firm regulation. Fines are not a new phenomenon: according to the same statistics, regulatory fines totalling £1.4 billion have been imposed on organisations to date. It is encouraging to see governing bodies recognising the importance of data protection and taking enforcement seriously.
Data Protection Act
The Data Protection Act 1998 is an important piece of legislation that has served the best interests of individuals in the UK for a long time. It places a duty on organisations and companies to comply with eight data protection principles that stipulate their responsibility for protecting their customers’ personal information.
The Act’s enforcement body, the Information Commissioner’s Office (ICO), has the authority to impose financial penalties. Under the current Act, an organisation the ICO finds to be in breach of the data protection principles is subject to a maximum financial penalty of £500,000; once the EU General Data Protection Regulation (GDPR) applies, the ICO will be able to impose the far higher penalties it sets out. The ICO’s role is crucial for clamping down on non-compliant organisations. Over a six-year period the ICO has imposed a fluctuating number of fines, with 2015 a spike in the statistics at 18 fines totalling over £2 million.
Time to pump up the security
The EU GDPR will apply from 25 May 2018, which gives organisations roughly a two-year window to get their security in order.
If companies and organisations fail to do so, their finances and reputation could take a dramatic hit, with penalties reaching an upper limit of €20 million or 4% of annual global turnover, whichever is higher. Companies should be taking the prospect of a financial penalty of that size very seriously. For small to medium enterprises it could be a matter of survival.
Data protection tools for organisations
There are tools that can help organisations with their compliance and security procedures. These include a Data Protection Act Foundation Course, which explains the Data Protection Act and what organisations need to do to comply with it, and the EU GDPR Documentation Toolkit, which contains policies and procedures for complying with the EU GDPR that can be tailored to the organisation. The benefit of such tools is that they reduce the risk of an organisation being lax about its security and data protection obligations.
Further information and resources can be found on www.itgovernance.co.uk/dpa-penalties.aspx.
Compliance or consequences…
The message is simple: data protection should be a core part of an organisation’s procedures, and organisations must do everything they can to protect their customers’ personal details. If they don’t, the supervisory authorities enforcing the EU GDPR will be on hand to impose penalties that could damage their reputation and credibility and cause huge financial losses. In the worst case, it could potentially ruin a company.
On the brighter side, individuals like you and I can hope for a little more peace of mind, knowing that the new EU regulation gives organisations a strong incentive to protect our data against potential breaches.