GDPR, the new EU General Data Protection Regulation, comes into force in May 2018, and as cyber-attacks continue to hit organisations and the headlines, it’s important that businesses minimize the risks of a breach.
The Information Commissioner, Elizabeth Denham, has said: “Cyber security is not an IT issue, it is a boardroom issue.”
Telecoms company TalkTalk has been issued with a record £400,000 fine by the ICO for security failings that allowed a cyber attacker to access customer data “with ease”.
And it’s not just the financial penalties (which will certainly increase after GDPR comes into force); it’s also the damage to reputation and trust.
ICO investigators found that the cyber attack between 15 and 21 October 2015 took advantage of technical weaknesses in TalkTalk’s systems.
The attacker accessed the personal data of 156,959 customers including their names, addresses, dates of birth, phone numbers and email addresses. In 15,656 cases, the attacker also had access to bank account details and sort codes.
Elizabeth Denham stated: “TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.
Yes, hacking is wrong, but that is not an excuse for companies to abdicate their security obligations. TalkTalk should and could have done more to safeguard its customer information. It did not and we have taken action.”
Under the new EU GDPR the financial penalty could have been much higher, up to 4% of global annual turnover!
GDPR is coming, ready or not, and it’s probably time you thought about getting ‘ready’!
Find out how to ensure that your company is fully prepared for the implementation of GDPR by attending the GDPR Conference Europe, designed to help businesses prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
In addition to marketing teams, this conference will ensure that representatives from across the public and private sectors, including C-suite (CEO, CIO, CTO, CMO), Heads of Legal, and HR & Finance teams:
- Understand the implications of the General Data Protection Regulation
- Get to grips with new obligations and ensure their organization is compliant
- Start preparing for and implementing the General Data Protection Regulation
- Gain invaluable instruction and insight on the General Data Protection Regulation
- Learn how to avoid heavy fines and loss of reputation
- Discover if they need to appoint a Data Protection Officer
Further information and conference details are available at www.gdprconference.eu