Next year the new EU data rules come into force, and there seems to be a lot of confusion among British companies. The General Data Protection Regulation aims to make data protection a priority for all businesses, small and large, and gives a supervisory authority the job of overseeing organisations and checking that they comply with the GDPR principles.
There are a few key changes which separate the GDPR from the current Data Protection Act. One of these is a duty on all organisations to report a personal data breach to a supervisory authority (in the UK, the ICO) unless the breach is unlikely to result in a risk to the individuals concerned; where the risk to those individuals is high, the affected individuals must also be told. Breach reporting is essential: the notification must be made within 72 hours of the organisation becoming aware of the breach, and organisations which fail to do so can be fined.
So could you be fined for ignoring the GDPR? Yes. Any business can be investigated, and any business can fall victim to a data breach. Now is the time to prepare for the new regulation and avoid a hefty fine.
How much could organisations be fined?
The GDPR is a long and complex set of rules, and any company which does not abide by them will face strict penalties. There are already fines in place under the current data protection law: the ICO can hand out a maximum penalty of £500,000 to companies which are negligent in protecting customers' personal data.
Once the GDPR applies from 25 May 2018, the penalty system changes. Businesses will be required to do a lot more when it comes to data protection, and if they suffer a breach through careless data handling or storage then they could be fined. The GDPR sets the top tier of fines at up to 4% of an organisation's annual worldwide turnover or €20 million, whichever is higher; a lower tier of up to 2% or €10 million applies to other infringements, such as failing to notify a breach.
The new fines are far more severe. Take a recent example: in 2016 TalkTalk received a fine of £400,000 for security failings which led to a large-scale breach in which the personal data of over 150,000 customers was stolen. NCC Group estimated that under the GDPR that single fine could rise to a whopping £59 million.
The financial penalties for organisations are much stricter under the new regulation, which is why it is more important than ever to ensure that your data security is effective, not just in place on paper. If you do not have an in-house IT team, speak to your IT support provider about what you can do to improve your security before May 2018.