GDPR/Data Protection/Data Protection Officer
Today’s clients expect their data to be protected by a business, irrespective of size. The consequences of poor data security can not only ruin a business’ reputation but also financially affect its operating ability. Liability now lies not just with a company, but also at a personal level with its Directors, managers and people – and not just at criminal level – to ensure everyone is trained. GDPR affects organisations on a global basis, with equally global consequences for their balance sheets: the recent “administrative” fine of £183,000,000 on British Airways by the UK Information Commissioner’s Office for a data breach in 2018 involving 380 000 customers is just one example. This is a step up from the maximum fine of £500 000 that could be imposed under previous legislation but, at 1.8% of global turnover, still short of the maximum 4% of global turnover that could have been imposed. This enforcement action was followed by a fine on Marriott Hotels of £99 000 000 for a data breach of their hotel bookings system. The potential for a class action by those affected is yet to be seen and there is no ceiling on the consequential damages that could be awarded for material/non-material loss and distress. At the lower end, enforcement action against organisations and individuals continues in the courts with outcomes including criminal records, imprisonment, fines and victim surcharges: some Directors have been fined over £80 000. Once again, they could subsequently be subject to personal injury claims with unlimited ceilings.
Covid-19 has demonstrated that today’s businesses must be able to work as hybrids, both on-site and remotely. This environment provides its own security challenges – physical, human and systemic. Some organisations have quickly bridged the technical gap of remote working but not considered their full responsibilities under GDPR, and could face enforcement action with multimillion-pound fines. We can also cover the responsibilities that come with surveillance technology in or outside your premises.
We can offer Data Protection Officer services to your organisation.
Talk to us to tailor strategy & procedures to your organisation and train your people in their roles and responsibilities before a breach happens!
Our Remote Learning programmes: these can be delivered as webinars by one of our consultants or self-taught, complying with the GDPR requirement for initial or continuation training needs.