Complying With the GDPR

What Are the Consequences of Not Complying With the GDPR?


So what are the consequences of not complying with the EU General Data Protection Regulation?

I recently wrote a blog, ‘What is GDPR and why do you need it?’, to explain why data protection law is changing.


The UK Government and the Information Commissioner's Office (ICO) have said that no new legislation will be introduced to cover the growing threat of cybercrime; addressing that threat is the responsibility of the business owner.

What they will enforce is the legislation on the use of personal data. The reasoning is that if personal data is properly protected, a cyber attack should not (or at least should be far less likely to) expose it.

What Are the GDPR Fines or Penalties?

So the focus is on the GDPR, and the penalties for non-compliance are eye-watering:

  • Infringement of the basic processing principles and conditions for consent in Articles 5, 6, 7 and 9 (and, under the same tier, of data subjects' rights in Articles 12 to 22 and the transfer rules in Articles 44 to 49) carries a fine of up to €20M or up to 4% of total worldwide annual turnover for the preceding financial year, whichever is greater.
  • Infringement of the controller and processor obligations in Articles 8, 11, 25 to 39, 42 and 43 carries a fine of up to €10M or up to 2% of total worldwide annual turnover for the preceding financial year, whichever is greater.

In summary, we know that the GDPR is coming, that it applies from 25 May 2018, that it is important, that it should not be ignored and that there will be some pain if we fall short.

You need to comply with the GDPR, so the question is…


What is GDPR and why do you need it?


Why Do We Need the EU GDPR?

The European Union General Data Protection Regulation (or EU GDPR for short) replaces the data protection regime of the current UK Data Protection Act. It will affect every business and how we handle personal data online.

The current Data Protection Act was passed in 1998 and has improved the way businesses control our personal and sensitive data.

Increasingly, if you are like me, you find yourself asking on a daily basis why more and more people are able to obtain your details, send you junk mail and spam, or monitor your activity on websites.

How is this possible if I have ticked the TPA exclusion boxes or put exclusions on my BT line?

The fact is that the data protection requirements were written for a different time, so what was a compliant use and retention of data then is no longer fit for purpose.

Perhaps the legislation was not unreasonable in 1998…

Where were you 20 years ago? You may have had a computer with a floppy disk drive and a processor far less powerful than a mobile device today.

I still have my BBC Commodore, so I can quickly prove this to be true!

  • There was no Facebook, Google, Twitter or Instagram, to name a few.
  • The iPad didn’t exist; a tablet was still something prescribed by your doctor.
  • Robotics amounted to watching K-9 on Doctor Who!

In fact, everything was different … including control and access to data.

Bring the clock forward to a far more technologically advanced world…


The TalkTalk data breach, a record £400k fine and a warning to others


The TalkTalk Data Breach

On 21 October 2015, TalkTalk became aware of a major security breach. Over the following days and weeks, the severity and magnitude of that breach filled the headlines of the British and international newspapers. More than 150,000 customers had their personal information leaked, and of those, more than 15,000 had their bank account details compromised.

The next day, TalkTalk informed the Information Commissioner's Office of the data breach. The breach has cost TalkTalk about £60m and contributed to the loss of over 100,000 customers. The police are still questioning six individuals (all under 21 years of age) in relation to the crime.

The ICO Investigation into the TalkTalk Data Breach

Now TalkTalk is back in the headlines as the ICO issues a record-breaking fine of £400,000 for security failings that allowed a cyber attacker to access customer data “with ease”. The ICO investigation found that the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information. Worryingly, TalkTalk had failed to apply software patches to a database, fixing a known exposure that had been identified more than 3.5 years before the breach. The report also highlights that two earlier attacks, 12 weeks before the October breach, had gone undetected.


Lessons from the Yahoo data breach


Once again the headlines are dominated by news of another major breach; this time it is the Yahoo data breach that has come to light.

What happened at Yahoo?

It is a massive data breach that makes the TalkTalk, LinkedIn and Ashley Madison breaches look tiny: 500 million accounts have been compromised in what is being reported as a ‘state-sponsored’ attack, with rumours of involvement from China, Korea or Russia. The breach occurred at some point in 2014 and affects not just Yahoo users but potentially Sky and BT customers as well, whose email services were provided by Yahoo.

The Yahoo Data Breach Raises So Many Questions

It is clear that this story will continue to run for many weeks and months. It raises so many questions: how much did Yahoo know? When did Yahoo find out? Why didn’t Yahoo recognise that a breach had occurred? And why does Yahoo think it was a state-sponsored attack, given that the data has found its way onto the dark web?

I’m sure Verizon, the well-respected communications company that is in the process of acquiring Yahoo, will have many more questions.