GDPR can feel like a lot of hassle and red tape, and it's easy to forget the protection it gives to each and every one of us. But what are the chances of your organisation having a data breach, or of your own personal data being accidentally or unlawfully disclosed, lost, accessed or altered?
The ICO on data breaches
In the first 11 months after GDPR came into force, over 14,000 data breaches were notified to the ICO. That equates to over 40 data breaches every working day, so the ICO understandably takes a strong stance on companies failing the individuals whose data they hold. This has included:
The announcement of the intention to fine British Airways £183.39 million for a cyber incident in which the personal data of around 500,000 customers was accessed by cyber criminals. The ICO investigation found poor data security arrangements at the UK’s second largest airline.
A £120,000 fine for Heathrow Airport after a member of the public found a USB memory stick lost by a member of staff. The USB stick contained personal data of security personnel and was neither encrypted nor password protected. When investigating the breach, the ICO found that only 2% of Heathrow's staff had been trained in data protection.
A £500,000 fine for Facebook for the unlawful processing of users’ information when it allowed application developers to access personal information without the clear and informed consent of the individuals concerned. After the reputational damage Facebook has suffered over its approach to data privacy, the company recently acknowledged its responsibility in a ‘privacy-focused vision’.
A motor industry employee was sentenced to six months in prison for using a colleague’s login to access thousands of customer records without authorisation, something he continued to do after he went to work for a competitor. The individual pleaded guilty to a charge of securing unauthorised access to personal data.
The ICO has also reported that complaints about data handling have doubled since GDPR came into force on 25th May 2018.
Other organisations on data breaches
A number of public and private sector surveys also show that the chances of a data breach are high:
A Cyber Security Breaches Survey by the Department for Digital, Culture, Media & Sport found that 32% of businesses had identified cyber security attacks or breaches in the last 12 months, with an average annual cost of over £4,000 for those that lost data or assets as a result of those breaches.
A Data Privacy Benchmark Study carried out by Cisco earlier this year found that even among ‘GDPR ready’ businesses, 74% had suffered a data breach in the previous 12 months. For less-prepared companies that figure rises to 89%.
Many people are becoming more aware of their rights and of the breaches that affect them, and reports show that breach notifications and complaints to the ICO are increasing rapidly. This is likely to remain a high-profile area in the future. With the chances of a data breach so high, we recommend you ensure that you are equipped to deal with one – it’s a question of when, not if, it will happen.
Guidance on handling data breaches
Astrid’s online platform helps you define your breach identification and reporting process and includes a breach handbook to help you manage and track breach incidents as they develop. Subscribe today to access all the tools and guidance small businesses need to become and remain compliant with GDPR.
Protect your business - become and remain GDPR compliant with Astrid