Reading:
Who is responsible for data protection? Blame HR, apparently…
Share:
cybersecurity issues

Who is responsible for data protection? Blame HR, apparently…

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

According to some recent and rather worrying research, the question as to who is responsible for data protection is that it’s a HR problem, some executives say.

According to a spread of UK executives who were asked about where the responsibilities are in terms of compromised credentials, like stolen or misused passwords, it’s a HR training issue.

It’s understood that one-fifth of respondents placed the responsibility in the hands of HR departments, with close to a thousand executives questioned. Some respondents also considered compromised credentials and weak passwords as very little risk to the business as well.

Who is responsible for data protection when it comes to compromised credentials? It’s a HR thing…

Is this kind of attitude simply passing the buck? The question as to who is responsible for data protection in an organisation is incredibly important, and it goes above and beyond one person or one department.

With so many UK businesses still failing to respect cybersecurity, it’s no wonder there are constantly breaches hitting the news.

Simply put, everyone within an organisation is responsible for data protection, and although HR training may be a key factor in learning and enforcement, company executives need to take personal responsibility for it as well.

The Equifax data breach was a classic example of leaving the responsibly being with just one – or a small number of – person(s). The addition of a security patch was somehow forgotten, and this led to a huge breach last year affecting 700,000 UK residents.

Why do executives need to take personal responsibility for data protection?

If an organisation is responsible for breaching important data protection laws, here’s what they may face:

  • Legal action for compensation for victims. Imagine if there are just a thousand victims claiming and they each recover £5,000.00 in damages. That’s a damages pay-out alone – not including costs – equating to £5,000,000.00 (five million pounds);
  • The Information Commissioner’s Office could impose fines of up to £17m r 4% of the organisations global annual turnover in accordance with the new GDPR that came into force in May 2018;
  • Consumers are now looking to take their custom to organisations who offer good data protection, and who have not been involved in big data breaches. Profitability and data protection practices are now directly linked.

And that’s just three reasons. So, company executives, having read through those reasons, shall we ask again: who is responsible for data protection? Is it a matter to pass off on your HR department, or is the potential of your company paying out £22,000,000.00 (twenty-two million) in damages and fines, using the above example (which doesn’t include legal fees or the impact of profitability), something to think about?

Compromised credentials can be a huge risk to organisations

Compromised credentials can actually be a huge risk to organisations, whether it stems from stolen information or weak passwords resulting in systems and servers being broken into. Even the smallest of data breaches can lead to huge problems for victims and the organisations.

Given so much of businesses these days are linked together and online / in the cloud, even one administrator’s compromised credentials could allow a hacker to gain access to personal and sensitive – and even financial – information within the organisation.

Hackers are not fools. They’re usually highly intelligent, good at what they do and are incredibly innovative.

So, who is responsible for data protection? In reality, we all are. It’s everyone’s problem and everyone’s responsibility.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon