I’m retiring, what do I need to do for GDPR to wind up my business?July 6, 2019
Do I need encryption?August 8, 2019
What are the chances of having a data breach?
GDPR can feel like a lot of hassle and red tape and it's easy to forget the protection it gives to each and every one of us but what are the chances of your organisation having a data breach or your own personal data being accidentally or unlawfully disclosed, lost, accessed or altered?
The ICO on data breachesIn the first 11 months after GDPR came into force, over 14,000 data breaches were notified to the ICO. With that equating to over 40 data breaches every working day, the ICO understandably takes a strong stance on companies failing the individuals whose data they hold. This has included:
- The announcement of the intention to fine British Airways £185million for a cyber incident that saw personal data of 500,000 customers being accessed by cyber criminals. The ICO investigation found poor data security at the UK’s second largest airline.
- A £120,000 fine for Heathrow Airport when a member of the public found a USB memory stick lost by a member of staff. The USB contained personal data of security personnel and was not encrypted or password protected. When investigating the breach, the ICO found that only 2% of Heathrow's staff had been trained in days protection.
- A £500,000 fine for Facebook for the unlawful processing of users’ information when they allowed application developers to access personal information without the clear and informed consent of the individuals concerned. After the reputational damage Facebook has suffered over its approach to data privacy, the company recently acknowledged its responsibility in a ‘privacy-focused vision’.
- A motor industry employee was sentenced to six months in prison for using his colleague’s log in to access thousands of customer records without authorisation, something he continued after he went to work for a competitor. The individual pleaded guilty to a charge of securing unauthorised access to personal data.
Other organisations on data breachesA number of public and private sector surveys also show that the chances of a data breach are high:
- A Cyber Security Breaches Survey by the Department for Digital, Culture, Media & Sport found that 32% of businesses had cyber security attacks or breaches in the last 12 months with an average annual cost of over £4,000 following lost data or assets as a result of those breaches.
- A Data Privacy Benchmark Study carried out by Cisco earlier this year estimated that even in ‘GDPR ready’ businesses, the chances of having a data breach in the next 12 months is 74%. For less-prepared companies that increases to 89%.