28 April 2017 #Employment
The government recently published its 2017 Cyber Security Survey results. Of note:
The findings illustrate the importance of data protection measures. The Data Protection Act 1998 (DPA) imposes certain obligations, including a requirement for organisations controlling personal data to implement “appropriate technical and organisational measures” to protect personal data from unauthorised and unlawful processing. This includes security measures appropriate to the nature of the personal data to be protected, as well as the harm that might result from any unauthorised or accidental loss, damage or destruction of such data.
The ICO (Information Commissioner’s Office) guidance states that to manage a breach of security, organisations should:
Currently, the ICO only expects to be notified where there has been a serious breach. However, this will change in 2018 when the EU’s General Data Protection Regulation (GDPR) takes effect. The GDPR imposes much stricter obligations, including the requirement to notify the ICO of all data breaches without undue delay (and where feasible within 72 hours), unless the data breach is unlikely to result in a risk to individuals.
With the ICO having the power to fine organisations up to £500,000 for failing to comply with the DPA (which will increase to the greater of 2% of annual worldwide turnover or €10 million under the GDPR), data protection is a key issue for businesses and the consequences of non-compliance can be costly.