Written by Rob Young, Group Managing Director – 24th March 2017
British businesses could face fines of up to £17m for data breaches as Government adopts strict General Data Protection Regulation (GDPR).
In spite of Brexit, British companies will soon be forced to disclose data breaches and face fines worth tens of millions of pounds after the Government cracked down on cyber security and said it would still adopt strict European data protection laws to improve overall cyber security measures.
At present, the Information Commissioner’s Office can inflict a maximum penalty of £500,000 on companies that fail to adequately protect their customers’ information.
However the newly revised EU law – the General Data Protection Regulation (GDPR) introduces strict penalties for companies that suffer data breaches. Under the new rules, companies will face “more stringent sanctions” and could be fined up to 4% of global turnover or €20 million (£16.9m) – whichever is larger – for a breach, be it from a cyber attack or human error.
Pre Brexit, there were hopes that the UK wouldn’t have to adopt the GDPR if they opted to leave, however, this is not the case and the UK Government announced it will still adopt Brussels’ measures. The regulation alone is not entirely sufficient and that the UK Government will also look to work with companies to improve their data security.
The new regulation, which many critics say is too harsh, will introduce in the UK the provision that businesses must disclose breaches to the data and privacy watchdog, as well as to customers, while some larger companies may also be required to employ their own Data Protection Officers.
Experts predict that the significant number of breaches reported under the new law will shock the UK public, given that the majority of larger companies currently manage incidents without disclosure.
To find out more about how to protect both your business and customer data please get in touch and one of our IT Security Consultants can discuss your current setup and make recommendations for improvements with our GDPR Consultancy Brochure and Cyber Essentials framework.
We have written other useful articles on GDPR which you also may wish to read: 7 steps to kick start GDPR Compliance, New EU General Data Protection Regulation (GDPR), GDPR – what are the penalties for non-compliance?, and The Role of a GDPR Data Protection Officer.
We also partner with the British Assessment Bureau who undertake the ISO 27001 for many of our clients.