New data protection laws could cause pain for businesses

Incoming pan-European IT security legislation could leave businesses open to financial turmoil

Sweeping reforms to data protection legislation could cause significant pain to businesses that fall foul of the law, warns Grant Taylor

THE NEW YEAR is expected to bring sweeping reform to the European Commission’s pan-European data protection legislation, a reform that has been heralded as the first significant update of data protection since 1995.

The most significant anticipated difference is that organisations will have just 24 hours to notify their respective supervisory authority of a breach. In the UK this would be the Information Commissioner’s Office (ICO), and notification is, at present, not actually compulsory.

Also, if the data breach is likely to adversely affect the protection of the personal data or privacy of the people concerned, then the organisation must also inform the Commissioner’s Office within a day. Again, this is currently not compulsory in the UK.

Thirdly, the penalties for severe failures in data protection could rise to 5 per cent of the company’s global annual turnover. The ICO can fine organisations up to £500k for serious data breaches, although the highest to date has been £130,000.

The bottom line is that these changes mean any breach will have a financial impact on the organisation to some degree, whether directly through fines or indirectly through incurred costs, brand damage, share price erosion and so on. That makes containment crucial.

These changes will affect all companies that work in the European Union. Organisations headquartered outside the EU, but operating within it, won’t be able to slip the net, as they too will be subject to these new rules, as will organisations that sell customer data to third parties.

What next?

The European Commission hasn’t actually announced the changes to date, and even when it does they will need to be sanctioned by national governments, so nothing will change overnight. Rather than wait, organisations should act now and implement the necessary culture change, which will take time.

Organisations should review and, where appropriate, strengthen data protection and IT security policies and procedures, so everyone knows and understands their personal responsibility for data protection.

Embedding an automated policy management solution into an organisation is a viable way to create and sustain a culture of compliance, where people understand their responsibilities and the importance of adhering to corporate standards.

The ICO’s current recommendation is to use approved encryption software designed to guard against the compromise of information.

Businesses will need to start organising themselves to consider the financial ramifications of having weak data security. But they must not forget to also protect themselves by implementing procedures so that, if a breach occurs, they do not fall foul of incoming EU legislation.

Grant Taylor is a UK VP at Cryptzone
