The Horror of Hacking
Picture the scene. Just another day at work. Sipping coffee, reading documents. Suddenly, you get an email notification. There’s been a data breach in your company’s network. Another email. Apparently, you’ve been in violation of something called ISO27001. What on Earth is that? What does it mean? Another email – this one is a notification of a fine. You open it. How much? Hundreds of thousands of pounds.
This may seem like a scene from a bizarre horror film, but it’s very much reality. Every single day, individuals such as yourself and companies that you work for are hacked and have sensitive data stolen or are infected with insidious malware that can destroy businesses, client relationships and reputations. The situation is only going to get more hazardous with more and more business being moved online as well as new, more aggressive laws to punish people who are lax with data protection and cybersecurity.
Speaking of new laws, have you heard about the new EU General Data Protection Regulation? You really should have, as it’s coming in May 2018 and it’s going to turn the business world upside down. Essentially, it hugely raises the standards to which all organisations that work with, or within, the EU must protect data and maintain strong cybersecurity practices. There are three key things that anyone working in an organisation handling or processing personal data needs to know. Basically:
- Large companies need to appoint a specialist Data Protection Officer
- Brexit does NOT affect it
- The fines for not complying with it are MASSIVE (up to 4% of global income for any company)
A “data protection officer” sounds like an important job. That’s because it is. These people have to be experts in data protection law and need to have both a dedicated support team as well as regular access to a company’s management board. There’s no two ways about it; entire new departments will probably have to be created to facilitate this and there’s not much time to do it.
A lot of organisations are going to have a rude awakening next year as they’ve been asleep at the wheel. There’s a lot of misinformation going around, such as “Brexit means we’re leaving the EU and therefore this won’t affect OUR company”. As President Trump would say: “WRONG”. The EU GDPR affects all third-party nations where EU data is stored or processed and that includes the UK. You need to ensure that appropriate safeguards are in place or you WILL be slapped with a hefty fine.
Speaking of hefty fines, that 4% of global turnover figure is a real eye-waterer. It’s equivalent to almost £1 BILLION for an average FTSE 100 company. That’s not the kind of figure we tend to think of when it comes to slaps on the wrist. It’s deliberately designed to make you sit up and notice. The EU commission is not messing around. And this fine can be applied once a year, every year continuously if data protection regulations aren’t followed adequately.
These three key factors are only a small sample of the vast regulatory network that is going to come into place in May 2018. Are you and your organisation ready? Because the regulators are. And they smell blood.