Across Europe, companies of varying size have been hit with GDPR-related fines of varying amounts as a result of negligence or carelessness.
As illustrated by research published by Computer Disposals Limited, this reality demonstrates that GDPR’s fines for any infractions are a very real risk no matter who, or how big, you are as a company.
Case in point, two of the UK’s most well-known businesses, British Airways and Marriott, failed to adequately protect their customers’ data. This led to two respective cyberattacks where sensitive data was accessed and harvested, a breach in GDPR policy that resulted in massive fines, as well as a PR disaster, for both companies.
With regard to the latter, losing customer trust through any apparent misuse of their data – whether it’s the business’s fault or not – can be a big deal. Once trust has been lost, it’s very difficult to gain it back. And when customers turn away from your business, the same could happen to sponsors, suppliers and other businesses if the reputational damage is that severe.
It’s important to be as prepared as possible in this regard. If something happens that could end in a PR disaster, a business has to be able to communicate effectively. Ensure that your communications department, if you have one, is able to lessen the impact on your reputation, and sort out support for social media and mass customer messaging.
What’s perhaps more important, however, are the measures you can take to avoid being fined in the first place. If you’ve been entrusted with data from customers or other businesses, then it’s imperative that you have the appropriate cybersecurity measures in place to avoid the errors that befell Marriott and British Airways. These large fines underline the importance of maintaining the highest standard of cybersecurity; data breaches and cyber-attacks can happen to anyone and no one is exempt from adhering to the policies of GDPR.
Strengthening your cybersecurity offering should be one of your top priorities. With 2020 well underway, and increasing fines likely to be levied on businesses of all kinds, guarding yourself against fines and cyber-attacks should be on the agenda going forward. As a business, consider conducting an annual external penetration test on IT systems to identify weak points and, most importantly, address them.
A multi-layered approach to cybersecurity is essential right now; a firewall on its own is no longer sufficient. Improve your chances against threats by using technology that employs unstructured data, making the transition into automating manual processes and condensing data storage down to one location.
Additionally, the exploitation of personal data can be further reduced through consolidation of network access endpoints into one entry dashboard. Data leakage in the supply chain can be stymied by performing routine checks throughout each stage; reviewing website traffic, social media interaction, emails and other online engagements can unearth what measures need to be taken.
There are a huge number of different measures your business can take. What’s important to know is that now that GDPR is in place, data protection falls into two discrete tiers: the controller and the processor. With the extra requirements due because of cybersecurity and GDPR compliance, businesses may want to consider looking into hiring a data protection officer in order to take on the challenge of data-processing activities. This move could have an immediate impact on cybersecurity, and help guarantee long-term safety.
By Ben Griffin, Computer Disposals Ltd