“Data breach fines that could dismantle a company” – The Payment Card Industry Security Standards Council imposes a new EU regulation that could impose £122 billion worth of data breach fines on U.K. companies, taking effect in 2018

As cyber-attacks are on a continual upward trend, so is the need for real and robust data protection.

This is shown in the Payment Card Industry Security Standards Council’s (PCI SSC) statement that new penalties are to be enforced under EU data protection regulations for data breaches. Any financial penalty should scare any organisation away from potential data breaches until the end of time!

The figures are staggering!

It’s reported that UK companies could face up to £122 billion in fines if they violate data protection principles, which is a lot of money.

New EU Regulation

This may be a strategic move from the PCI SSC following recent data breaches involving massive corporations like Yahoo and TalkTalk, which allegedly violated millions of their customers’ personal details by failing to adequately defend against hacks. The PCI SSC’s decision has come as no surprise, as we are in an era of great technological advances which come with devastating consequences if digital data is not adequately protected.

The potential fines come into effect in two years’ time through new EU legislation. Consumer protection seems to be at the forefront of the EU’s aim – as reflected in the new legislation – and is a welcome step toward protecting people’s right to privacy.

UK Government study

The UK government found that a shocking 90% of large organisations and 74% of small to medium enterprises admitted to security breaches. This is a figure that calls for immediate action, and the area must be heavily regulated. Fines are not a new phenomenon: following the above statistics, a total of £1.4 billion in regulatory fines has been imposed on organisations to date. It is great to see that governing bodies recognise the importance of data protection and are taking enforcement seriously.

Data Protection Act

The Data Protection Act is an important piece of legislation that has served the best interests of individuals in the U.K. for a long time. It places a burden on organisations and companies to comply with eight data protection principles that stipulate their responsibility in protecting their customers’ personal information.

The Data Protection Act enforcement body, the Information Commissioner’s Office (ICO), has the authority to impose financial penalties under EU General Data Protection Regulation (GDPR) guidelines. If the ICO finds an organisation to be in breach of data protection principles, the organisation is subject to a maximum financial penalty of £500,000. The ICO’s role is crucial for clamping down on non-compliant organisations. Over a six-year period, the ICO has imposed fluctuating fines, with 2015 being a spike in the statistics with 18 fines totalling over £2 million.

Time to pump up the security

The EU GDPR will come into force on 25 May 2018, which gives organisations a roughly two-year window to buckle up their security ideas.

If companies and organisations fail to do so, their finances and reputation could take a dramatic hit, with penalties reaching an upper limit of 20 million Euros, or 4% of annual global turnover. Companies should be trembling in their boots at the prospect of a big financial penalty. For small to medium enterprises this could be a life or death matter for their companies.

Data protection tools for organisations

There are tools that could help organisations with their security procedures. These include a Data Protection Act Foundation Course, which informs organisations about the Data Protection Act and what they need to do to ensure they are compliant with the Act. Other tools include the EU GDPR Documentation Toolkit, which contains policies and procedures to ensure that organisations are compliant with the EU GDPR and which can be tailored to the organisation. The benefits of these tools are striking: they effectively reduce the risk of organisations being lax on their security and data protection.

Further information and resources can be found on www.itgovernance.co.uk/dpa-penalties.aspx.

Compliance or consequences…

The message is simple: Data protection should be an important aspect of an organisation’s procedure, so they must do everything they can to protect their customers’ personal details. If they don’t, the EU GDPR is on hand to penalise them with penalties that could cause damage to their reputation and credibility, and huge financial losses. In the worst case scenario, it could potentially ruin a company, on face value…

On the brighter side, hopefully individuals like you and me can have some peace of mind that the new EU regulations will protect us from any potential data breaches.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'