British companies will now be expected to disclose all data breaches and could be fined up to £16.9 million. The laws adopted and extended from the Brussels data standards are due to come into force in 2018.
The EU law, called the General Data Protection Regulation (GDPR), introduces strict penalties for companies that suffer data breaches. It requires companies to disclose when breaches occur and to obtain clear consent before processing citizens’ information. Under the new rules companies will face “more stringent sanctions” and could be fined up to 4 per cent of global turnover or £16.9m for a breach, whether it results from a cyber-attack or from human error.
Matt Hancock, the culture and digital minister, said that companies have a responsibility to protect their customers’ information and that the Government wants to incentivise strong cyber security.
The Government warned that companies are not doing enough to protect themselves, in spite of one company losing £3 million following a breach. It comes after numerous high profile cyber-attacks have resulted in the loss of millions of UK customers’ details.
Experts say the significant number of breaches reported under the new system will shock the public, given that the majority of companies currently manage incidents without disclosure.
With these new laws being introduced in 2018, companies should be looking this year to secure their systems and train their staff so that they minimise the risk to their company and their customers. To help businesses train staff, borwell are running Cyber Security Training; to find out more, visit www.borwell.com/cyber-security-refresher-workshop or call 01684 377980.