Companies to face massive fines for losing customers’ information from 2018
COMPANIES FACE multi-millionpound fines for losing customers data from May – but many are not fully prepared for the major changes to legislation that are just a few months away, a cyber security expert has warned.
The General Data Protection Regulation (GDPR) comes into force next year and will massively increase the amount a company can be fined for data breaches. The legislation will see firms fined up to four per cent of their global turnover.
Speaking at a conference at Leeds Beckett University, former senior police officer Stuart Hyde QPM, Yorkshire and Humberside champion for the Cybersecurity Information Sharing Partnership, said many firms may not be fully aware of what the change could mean to them.
In October 2016, TalkTalk was given a record fine of £400,000 for security failings that allowed a cyber attacker to access customer data “with ease”.
More than 150,000 people’s information was accessed, with the attacker being able to see their bank account details and sort codes in 15,000 of the cases.
Mr Hyde said that under the GDPR rules TalkTalk’s fine could have been more than £50m.
“The big difference is if you get it wrong, it is a massive fine,” he said.
The GDPR comes from a new EU legal framework but the British Government has committed to applying it from May 25, 2018, despite Brexit. Mr Hyde said an awareness-raising campaign may be needed as the implementation of the policy draws closer.
“There is a belief it has come from the EU and with Brexit it is going. It is not – it is coming regardless of Brexit.”
A spokesman for the Information Commissioner’s Office said: “With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.”