Clarkslegal LLP - Solicitors in Reading and London


Cyber Security Survey shows need for vigilant approach to data protection

28 April 2017 #Employment

The government recently published its 2017 Cyber Security Survey results. Of note:

  • 46% of British businesses discovered at least one cyber security breach or attack in the past year;
  • The most common breaches involved fraudulent or phishing emails, viruses, spyware and malware; and
  • Only 26% of businesses reported an attack to an external agency.

The findings illustrate the importance of data protection measures. The Data Protection Act 1998 (DPA) imposes certain obligations, including a requirement for organisations controlling personal data to implement “appropriate technical and organisational measures” to protect personal data from unauthorised and unlawful processing. This includes security measures appropriate to the nature of the personal data to be protected, as well as the harm that might result from any unauthorised or accidental loss, damage or destruction of such data.

The ICO (Information Commissioner’s Office) guidance states that to manage a breach of security, organisations should:

  • Adopt a recovery plan;
  • Assess ongoing risks associated with the breach;
  • Consider whether a breach of security should be notified, who should be notified and what information should be given;
  • Evaluate the cause of the breach and the effectiveness of the organisation's response to it; and
  • Consider whether to notify individuals affected by a data breach, and of any steps they should take to protect themselves.

Currently, the ICO only expects to be notified where there has been a serious breach. However, this will change in 2018 when the EU’s General Data Protection Regulation (GDPR) takes effect. The GDPR imposes much stricter obligations, including the requirement to notify the ICO of all data breaches without undue delay (and where feasible within 72 hours), unless the data breach is unlikely to result in a risk to individuals.

With the ICO having the power to fine organisations up to £500,000 for failing to comply with the DPA (which will increase to the greater of 2% of annual worldwide turnover or €10 million under the GDPR), data protection is a key issue for businesses and the consequences of non-compliance can be costly.

