New data protection laws could cause pain for businesses

Incoming pan-European IT security legislation could leave businesses open to financial turmoil

Sweeping reforms to data protection legislation could cause significant pain to businesses that fall foul of the law, warns Grant Taylor

THE NEW YEAR is expected to bring sweeping reform to the European Commission’s pan-European data protection legislation and has been heralded as the first significant update of data protection since 1995.

The most significant anticipated difference is that organisations will have just 24 hours to notify their respective supervisory authority of a breach. In the UK this would be the Information Commissioner’s Office (ICO), and at present such notification is not actually compulsory.

Also, if the data breach is likely to adversely affect the protection of the personal data or privacy of the people concerned, then the organisation must also inform the Commissioner’s Office within a day. Again, this is currently not compulsory in the UK.

Thirdly, the penalties for serious failures in data protection could rise to 5 per cent of the company’s global annual turnover. At present the ICO can fine organisations up to £500k for serious data breaches, although the highest fine to date has been £130,000.

The bottom line is that these changes mean any breach will have a financial impact on the organisation to some degree – whether directly through fines, or indirectly through incurred costs, brand damage, share price erosion and so on. That makes containment crucial.

These changes will affect all companies that operate in the European Union. Organisations headquartered outside the EU but operating within it won’t be able to slip the net, as they too will be subject to the new rules, as will organisations that sell customer data to third parties.

What next?

The European Commission hasn’t actually announced the changes to date, and even when it does they will need to be sanctioned by national governments, so nothing will change overnight. Rather than wait, organisations should act now and begin the necessary culture change, which will take time.

Organisations should review and, where appropriate, strengthen data protection and IT security policies and procedures, so everyone knows and understands their personal responsibility for data protection.

Embedding an automated policy management solution into an organisation is a viable way to create and sustain a culture of compliance, where people understand their responsibilities and the importance of adhering to corporate standards.

The ICO’s current recommendation is to use approved encryption software designed to guard against the compromise of information.

Businesses will need to start organising themselves to consider the financial ramifications of having weak data security. But they must not forget to also protect themselves by implementing procedures so that, if a breach occurs, they do not fall foul of incoming EU legislation.

Grant Taylor is a UK VP at Cryptzone
