EU GDPR – The helping hand?

All businesses and organisations, small, medium and large, across all industries, share one common fear: a customer data breach.

This fear is also shared by EU governments. So much so that a ‘helping hand’ has been unleashed to ‘encourage’ businesses to protect customer data and to give customers rights over their data. Of course, this encouragement is backed by hefty fines of up to 4% of global turnover or 20 million euros, not to mention the risk to brand reputation.

The message to boardrooms is clear: “become compliant and stay secure and you won’t incur fines” or “don’t comply, be at risk of data theft, and face hefty fines, damage to your reputation and ultimately your bottom line.”

However, it is this very encouragement which is causing board meetings to be held and budgets to be allocated to GDPR projects. CIOs and CFOs are finally talking the same language and finishing each other’s sentences. Customer data protection and budgets are being talked about in the same breath. GDPR will bring sweeping improvements in security and risk reduction across all industries.

The continuing rise and sophistication of cyber attacks is another encouraging factor. Finally, businesses are realising that they simply cannot afford to neglect data security.

GDPR is encouraging departments to work together to implement changes to the way organisations capture, manage and protect data. It is pushing organisations to seek more efficient platforms such as the cloud. It is forcing organisations not only to ask questions about the customer data they hold, but to actually do something about it:

  • What data is captured and for what purpose?
  • Where and how will it be managed and secured throughout the information lifecycle?
  • Does the data collected comply with new regulations and policies?
  • When will stored data be destroyed in accordance with data governance policies?

The GDPR seems timely in raising alarm bells in boardrooms. It may save those businesses from being seriously damaged by the security breach that would otherwise eventually occur, as cyber crime becomes more and more prevalent and sophisticated.

Steady increase in monetary penalties issued by the ICO under the 1998 Data Protection Act (DPA):

  • 2010: 2 fines, £160,000
  • 2011: 7 fines, £540,000
  • 2012: 17 fines, £2.1 million
  • 2013: 14 fines, £1.5 million
  • 2014: 9 fines, £670,000
  • 2015: 18 fines, £2 million
  • 2016: 21 fines, £2.2 million
  • 2017: 44 fines, totalling £3.1 million (to Aug 17)

The ICO currently has the following powers in the case of breaches of the 1998 Data Protection Act (DPA):

  • Monetary penalty notices
  • Prosecutions
  • Undertakings
  • Enforcement notices
  • Audit

Individuals can be prosecuted as well as organisations.