UK Gov warns firms of increased fines for being breached

James Pavett

The government has warned that firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves adequately, or fail to report a breach in a timely manner.

The increased cap on fines comes as part of the General Data Protection Regulation (GDPR), which will be implemented on May 25th 2018 and will replace the UK’s Data Protection Act 1998. The Government has also confirmed that when the UK leaves the EU, GDPR will remain in place.

Back in 2016 the Payment Card Industry Security Standards Council (PCI SSC) advised that firms needed to start putting procedures in place to counter cyber security threats. It warned that UK firms could be paying £70bn in fines if breaches continued at the rate seen in 2015.

The Digital Minister, Matt Hancock, says he wants the UK to be the safest place to live and be online. Mark James, ESET IT Security Specialist, discusses how the increased fines can help improve cyber security and data protection.

“Protecting people’s data seems to be one of the hardest jobs for some companies to do in this modern digital world.

“It’s always difficult to put measures in place for something that may or may not happen, and in some cases it may have been cheaper to deal with the fines for data breaches than to actually pay to protect against them in the first place.

“In May 2018 that’s all going to change. Currently the ICO can fine up to £500,000 for serious breaches of the Data Protection Act, although to date, we have only seen a couple of fines up around the £400,000 figure.

“From May 2018 we could see fines of up to £17 million, or 4% of global turnover of the previous financial year.

“These fines are huge and definitely overdue. Let’s put this in perspective though: the fines are not necessarily for being breached, they are for not doing enough to protect your users’ data.

“If you have clearly done all you can, put policies and procedures in place to clearly protect the data you hold and can prove you have done so, then you have done all you possibly can.

“These new measures are in place to stop companies doing little or nothing to protect the very data they often declare ‘is very important to them’.

“GDPR will also protect you as a user from having your data sold or used for other purposes that were not initially stated when your details were taken, something that happens so much these days.

“Encryption will be a big part of protecting our data, although it won’t protect you if an authenticated user is compromised.

“It will protect against such failures as USBs, laptops or DVDs left on trains, lost in the post or just lying around for anyone to view.”


Are you fully prepared for GDPR? Let us know on Twitter @ESETUK. If not we’re here for you, visit our GDPR homepage to find out how we can help.


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.