Cyberspace is often seen as a lawless frontier where hacking can effect companies and organisations as indiscriminately as individuals.
But this lawless atmosphere will change somewhat following the introduction of GDPR next year.
Under GDPR, the ICO will not view a data controller or processor as a victim of a cyber attack, but as the responsible negligent party whose action or lack of action allowed the hack to be possible.
The risk to business is no longer merely the embarrassment of having one’s system hacked.
The consequences of mishandling the private details on individuals carry financial implications that will cause some companies and boards significant discomfort and force others into bankruptcy.
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.