A series of six-figure fines issued to local councils in England over the past two months for breaches of data protection laws has highlighted how such risks will intensify with the implementation of the General Data Protection Regulation (GDPR) in May 2018.
In June the Information Commissioner's Office levied a fine of £100,000 on Gloucester City Council after a cyber attacker accessed employees' sensitive personal information, and in May a fine of £150,000 was handed to Basildon Borough Council over sensitive information that was published on its online planning portal.
Under looming GDPR changes, the ICO will soon be able to impose fines of a much higher sum - the most serious breaches could attract fines of up to $20m or 4% of global annual turnover.
Speaking to Law Gazette about the risks, Sarah Williamson, partner at specialist technology firm Boyes Turner, said the fines “are a clear message to organisations that they need to get their house in order”.
“Organisations have been warned well in advance of GDPR coming into force, so ignorance will not be an excuse, and a failure to take any steps to comply will not go down well with the ICO who will come down hard on those who fail to take proactive steps.”
Boyes Turner’s experts can help organisations of all sizes navigate the impact of the GDPR, from data mapping, gap analysis and risk assessment through to helping them consider the practical implications of the change in the law for a business’s processes and procedures.
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.