In May 2018, the way companies in the UK handle personal data needs to change. The new General Data Protection Regulation (GDPR) comes into force and companies will immediately face fines of €20m or 4% of their global turnover (whichever is higher) for breaches to their data banks.
The GDPR will require many companies to look again at their cyber security and systems, as it expands the existing data protection requirements to cover any information that can be an online identifier. That includes the traditional data covered by the Data Protection Act (DPA), such as customer lists and contact details, but it also extends to new information such as the IP addresses of their online visitors.
Cyber-security incidents are rising
The government watchdog that investigates data security breaches, the Information Commissioner’s Office (ICO), says failings in cyber security are already on the rise. It saw 678 reported incidents in the last quarter. That’s an 18% increase from the three months before. These reports are based on the current provisions of the DPA. It is likely the number of incidents will increase as the GDPR comes into effect.
The ICO also reported some huge fines for companies that didn’t invest in data encryption or quality information training for their staff. HCA International Ltd, a private healthcare company, were fined £200,000 for failing to keep fertility patients’ personal information secure. Royal & Sun Alliance Insurance were hit with a bill for £150,000 after losing personal information of nearly 60,000 customers.
Companies, and individuals, face huge fines over data breaches
Even smaller-scale operations are at risk of punishing fines from the ICO. In the other case prosecuted in the last quarter, one barrister, with information from one computer, was fined £1,000 for a single data breach. Imagine how that could scale up in a growing business as the level of fines for not having adequate data security (such as encryption) grows in May.
This organisational and financial pain could have been avoided. Data encryption experts like MFG Managed Encryption can encrypt the information on a computer for around £50. Even medium-sized businesses with 100 computers could secure their data for as little as £5,000. The prosecuted barrister could have saved £950 if he had encrypted the information on his computer using our service.
The MFG solution is fully centralised for all devices – desktops, laptops, removable media, tablets, mobiles and now even the cloud. Please enquire for further information.