In the news now: British Airways faces a £183 million fine from the ICO (Information Commissioner's Office) following a breach of its security systems. Attackers were able to access the personal and payment details of around 500,000 customers.
The fine comes in the wake of the stringent application of the General Data Protection Regulation (GDPR), under which data protection non-compliance can result in a fine of up to €20 million or 4% of annual global turnover, whichever is greater. The BA penalty works out at 1.5% of its global turnover for 2017 and is the largest penalty the ICO has ever announced for a data breach. In 2018, Facebook was fined £500,000, the maximum the law permitted at the time, over the Cambridge Analytica data breach. That breach, which allowed third-party developers to access Facebook users' data without sufficient consent, meant that the profiles of 87 million individuals were harvested without their knowledge. Had the fine been issued under the GDPR, Facebook could have faced a bill of up to £1.2 billion.
A BA spokesperson said that they were “surprised and disappointed” by the fine imposed by the ICO.
Information Commissioner Elizabeth Denham, on the other hand, said:
“People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”
So, what does this mean to you, the CEO, CFO or executive of a small to medium sized business? Probably not much, right? Wrong. If you collect, process or store any personal data, your business and its IT systems must be GDPR compliant. The €20 million figure is the upper limit, not an automatic penalty, but a breach that exposes personal data you failed to protect puts you at risk of a fine on that scale, and the ICO has made clear it will examine whether you took appropriate steps.
If you conduct financial transactions and store client bank details or credit card information, you are an attractive target for cybercriminals, because financial gain is the primary motive behind most attacks. If that data is stolen, you may face not only a GDPR fine but also compensation claims from customers for any financial loss. Storing card numbers also brings you within the scope of PCI DSS, so the simplest way to reduce both exposures is to avoid holding card data yourself and let a payment processor handle it.
Your endpoints, whether laptops, tablets or any other device, must also be protected. Malware in the form of trojans, spyware, keyloggers and information stealers can infect these machines and harvest data and passwords. Keeping devices patched, running endpoint protection and monitoring them for signs of compromise is a must.
You need to be better than BA. Or, putting this another way, can you afford to make the same mistake as the airline? If you have any doubts, contact your local IT Managed Service Provider (MSP) today. Your MSP will manage and monitor your systems using current IT security tooling, substantially reducing the risk of your data falling into the claws of hackers and of your business falling into the jaws of the GDPR. Knowing this, you and your team can have peace of mind and be free to focus on doing business.