THE GDPR WAKEUP CALL

DON’T LET THE GDPR CATCH YOU OUT

Time and time again, I hear colleagues, associates and acquaintances say that they’ve got their cybersecurity strategies down to a fine art and that they will never become a victim of a data breach or fall prey to a hack. They also boast that their systems are so secure they don’t give GDPR compliance a second thought. They’re wrong on both counts. According to Bureau Veritas, the world’s second-largest provider of compliance and certification:

“GDPR was the enforcement stick which brought data protection into focus and after its inception, the number of cyber-attacks reported grew exponentially, as voluntary reporting of data breaches was introduced. The fines imposed upon firms are now so significantly higher, businesses can ill afford to simply pay the fine and ignore the problem.”

Put simply: far more breaches are now being reported, and companies and individuals that breach the GDPR face bigger fines than ever before. Take a look.

HOW MUCH CAN I BE FINED?

In the UK, the UK GDPR and the DPA 2018 (Data Protection Act) set a maximum fine of £17.5 million or 4% of annual global turnover, whichever is greater, for the most serious infringements. Here are some of the most recent fines imposed by EU and UK data protection authorities.

Country  | Date             | Company          | Fine
---------|------------------|------------------|-------------
Spain    | 13 January 2021  | Caixabank S.A.   | €6,000,000
Ireland  | 15 December 2020 | Twitter          | €450,000
UK       | 13 November 2020 | Ticketmaster     | €1,405,000
Italy    | 12 November 2020 | Vodafone         | €12,251,601
UK       | 30 October 2020  | Marriott         | €20,450,000
UK       | 16 October 2020  | British Airways  | €22,046,000
Germany  | 1 October 2020   | H & M            | €35,258,708

(UK fines were issued in pounds sterling by the ICO and are shown here as euro equivalents.)

Nobody is exempt. A breach does not automatically mean a fine, but regulators can and do fine organisations of any size, and the data in this table should be a wake-up call for any business or individual. Yes, individuals get fined too. Here are three recent examples:

  • In January 2021, an individual in Spain was fined €1,200 for having an insufficient legal basis for data processing
  • In December 2020, a doctor was fined €6,000 for having insufficient technical and organisational measures to ensure information security
  • In July 2020, an employer in Hungary was fined €1,700 for insufficient fulfilment of data subjects’ rights

Having insufficient technical and organisational measures to ensure information security is one of the most common grounds for a fine, and it is the one behind the largest penalties in the table above: the British Airways and Marriott fines were both for inadequate security measures. Is your IT infrastructure technically sound enough to protect personal data? Do you have organisational procedures in place that ensure data protection, including a process for notifying the regulator within 72 hours of becoming aware of a breach, as Article 33 requires?

HERE’S WHAT YOU CAN DO

Be proactive. Cyber-attackers don’t need new tricks; they are simply getting more efficient at the old ones, such as phishing emails, malware and social engineering. It is your responsibility to ensure employees, especially those working remotely, are well-equipped with the knowledge and infrastructure to mitigate potential attacks.

AND I CAN HELP

The experience and knowledge that I’ve gained over many years in the IT world shouldn’t go to waste. I know cybersecurity, something that I believe I have down to a fine art. I can provide you with:

  • ongoing cybersecurity education and training
  • design and implementation of a best-fit cybersecurity strategy
  • protection for your systems so that human error does not turn into a costly breach.

Avoid a GDPR wake-up call. Let’s work together to protect everyone’s data, prevent cybercrime, and avoid potentially paying millions for a breach.
