Data Protection & Your Personal Data Security
Data Protection legislation just became much more serious. On May 25th 2018, the rules for holding personal data changed significantly. Below, we’ll explain some of the changes, and what happens when companies get this wrong.
The ICO (Information Commissioner’s Office) can and will now enforce tough new regulations. Personal data needs to be secure, up to date and fit for purpose.
Organisations and companies who fail to take action to guarantee data security risk substantial penalties and serious harm to their reputation. Is all of your data secure?
We’ve worked with several clients whose employees were holding data on spreadsheets and other insecure formats. The risk of fines, both personally and to the wider company, cannot be overstated. You MUST ensure that you’re protecting personal stakeholder data at all times.
It’s worth taking a quick reading break at this point to ask around and make sure that team members aren’t creating their own ‘mini databases’ full of personal data that could leave you liable.
The good news is that there’s a genuine solution that will allow your colleagues to work while protecting the business against loss of reputation and fines from data breaches.
Holding your personal data in a compliant database can be the most secure way of committing to modern rules on data protection. It also demonstrates to the ICO, when required, that you have plans and procedures in place to minimise any data breach.
What happens if a data breach or attack is successful?
Should a data protection breach or other incident occur, your preventative work will be considered when the ICO responds to such an event.
Unfortunately, even if you manage to avoid an ICO fine or other punitive measure, you’re still likely to suffer significantly if news of a breach reaches the public.
In 2015, national Internet Service Provider TalkTalk suffered a data breach that saw the details of nearly 157,000 people leaked online. 15,000 bank account and sort code numbers were also compromised.
In addition to the £400,000 fine that was issued due to a simple SQL injection attack, the ISP also haemorrhaged tens of thousands of customers who, until that point, were happily paying subscription fees every month. TalkTalk’s IT professionals, it seems, had simply failed to apply a readily available software patch that would’ve prevented the attack.
The Information Commissioner’s Office commented that TalkTalk had failed to take even the most basic cyber security measures. The reputation of the former CEO of TalkTalk, Baroness Dido Harding, is still marked by that incident today.
It’s worth noting that the remarkable fine was issued before the new expectations and powers came into force. Had this lapse happened today, the fine would most likely have been exponentially higher.
What’s even more simple and obvious than the attack that TalkTalk suffered? A colleague losing a laptop or thumb drive that contains your personal customer or employee data.
Our Data Protection health check will protect your business.
Here at Computerisation Limited, we can help you manage your GDPR & Data Protection Act 2018 compliance processes. We’re experts with over 30 years of experience in safeguarding data.
If you are within a 50 mile radius of Cardiff, you are eligible for a free face-to-face consultation with one of our experienced specialists.
For customers outside of this range, we’ll carry out a free consultation via video or phone.
It’s time to take insurance against an attack or breach. A data protection failure could be the most costly event to ever hit your business.
Call us today on 02920 712 664 or email firstname.lastname@example.org for assistance.
This post was updated on 14/05/2020 to improve and update some of the information contained within.