THE GDPR MEANS CYBERSECURITY COMES FIRST

The GDPR was introduced across the European Union, including the United Kingdom, in May 2018. The rationale behind the regulation was three-fold:

  • to harmonize data privacy laws across all of its member countries
  • to provide individuals with greater rights, consent and protection over their data
  • to control how businesses access, process, and store personal data

The third point is salient to all businesses, not only those in the EU and UK. If your company is based in, say, New York and you process the data of European citizens, you are legally obliged to be GDPR compliant. And this applies to the big boys such as Facebook, Google, and Amazon too. The GDPR means that cybersecurity must come first for any business that wants to remain within the law.

WHAT HAPPENS IF I IGNORE THE GDPR?

The answer to this question is simple – if you have a data breach, the consequences are severe. Not only financially, but GDPR non-compliance will permanently damage your reputation. People who trusted you to securely handle their data will think twice before doing it again.

HOW MUCH CAN I BE FINED?

In the UK, the GDPR and DPA (Data Protection Act) set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements. Here are some of the most recent fines imposed by the EU and the UK.

Country   Date               Company           Fine
Spain     13 January 2021    Caixabank S.A.    €6,000,000
Ireland   15 December 2020   Twitter           €450,000
UK        13 November 2020   Ticketmaster      €1,405,000
Italy     12 November 2020   Vodafone          €12,251,601
UK        30 October 2020    Marriott          €20,450,000
UK        16 October 2020    British Airways   €22,046,000
Germany   1 October 2020     H & M             €35,258,708

There are no exceptions. If you have a breach, you will be fined. The data in this table should be a wake-up call for any business.

WHY ARE BUSINESSES FINED?

Here are a few typical reasons, according to the GDPR Enforcement Tracker, as to why businesses are fined:

  • Insufficient legal basis for data processing
  • Non-compliance with general data processing principles
  • Insufficient technical and organizational measures to ensure information security

The last reason is the most common and also the one that will get you a massive fine. Is your IT infrastructure technically sound enough to protect data? Do you have organizational procedures in place that ensure data protection?

ARE BREACHES ON THE INCREASE?

Bureau Veritas, the world’s second-largest provider of compliance and certification, has stated:

“GDPR was the enforcement stick which brought data protection into focus and after its inception, the number of cyber-attacks reported grew exponentially, as voluntary reporting of data breaches was introduced. With this came stricter penalties for businesses which failed to protect data. The fines imposed upon firms are now so significantly higher, businesses can ill afford to simply pay the fine and ignore the problem.”

The onset of the coronavirus pandemic has made the situation worse. People working in offices operate on a centralized and protected network, with systems in place to detect cyberattacks. With millions of people now working remotely from private home networks, the risk of a data breach increases dramatically.

WHAT CAN I DO?

Be proactive. Cyber-attackers aren’t getting smarter. They are just getting more efficient at using their old tricks such as spam emails, computer viruses and chatbot hacking. It is your responsibility to ensure employees working remotely are well-equipped with the knowledge and infrastructure to mitigate potential attacks. Tim Sadler, CEO of email security company Tessian, says:

“Time and time again we see how simple incidents of human error can compromise data security and damage reputation. The thing is that mistakes are always going to happen. So, as organisations give their staff more data to handle and make employees responsible for the safety of more sensitive information, they must find ways to better secure their people. Education on safe data practices is a good first step, but business leaders should consider how technology can provide another layer of protection and help people to make smarter security decisions, in order to stop mistakes turning into breaches.”

USE ZHERO

Zhero is at the forefront of cybersecurity protection and GDPR compliance for your business, no matter what its size. Zhero can provide your staff with education and training, apply the best cybersecurity strategies, and protect your systems to stop human error from turning into costly breaches.