Dixons breach the ‘first real test’ of GDPR
THE DATA breach at Dixons Carphone will be the first real test of new General Data Protection Regulation (GDPR), a legal expert has claimed.
David Scott, associate at Yorkbased Hethertons Solicitors, has said that Dixons Carphone could face a significant fine if the breach is shown to have occurred after May 24, the date the regulations came into force.
Mr Scott added that firms of all sizes review their data security and storage procedures and have a process in place to deal with breaches should they occur.
Dixons Carphone’s admission of a huge data breach this week involved 5.9 million payment cards and 1.2 million personal data records is such big news.
The hacking attempt saw “an attempt to compromise” 5.8 million credit and debit cards but only 105,000 cards without chipand-pin protection had been collected by the scammers.
The attack against the processing systems of Currys PC World and Dixons Travel stores follows on from another attack against part of the firm in 2015, which led to Carphone Warehouse receiving a fine of £400,000 from the Information Commissioners Office (ICO).
Mr Scott said: “This may be the first real test of the adequacy of the new data protection laws (GDPR) and how the information commissioner will deal with this breach.
“Whilst details of what caused the breach and when the breaches occurred are not clear what is clear is that this is a very serious breach.
“Dixons Carphone should now contact the individuals who it is considered to be highly likely to have their ‘rights and freedoms’ adversely affected by the breach. From a consumer point of view if you aren’t contacted the chances are your data is safe.
“The ICO will want to look at the cause of this breach to determine what action it should take. They may want to know if there is any link to Carphone Warehouse data breach of 2015 and if the lessons from that have been learnt. They will also want to know how any future breach will be avoided.
“If any breach occurred after May 24 the GDPR will apply and Dixons Carphone could face a significant fine under the new GDPR rules, but at the moment this doesn’t seem likely.
“This is a timely reminder for all businesses that hold personal data that they need to become GDPR compliant. Now is not the time to be complacent.”