Whilst Tesco Bank has enlisted the help of the National Cyber Security Centre (NCSC) and quickly reimbursed the 9,000 customers who were affected by the recent £2.5m cyber attack, the gravity of the forthcoming EU General Data Protection Regulation (GDPR) has become clear. Given companies can be fined up to 4% of worldwide group turnover, it has been estimated that Tesco Bank could be fined nearly £2bn under GDPR rules for this incident.
Elsewhere, a year on, a 17-year-old has pleaded guilty to seven hacking offences relating to the breach that cost TalkTalk a predicted £60m, including a record £400,000 fine from the ICO. Again, had the breach occurred under the GDPR, TalkTalk would have faced a fine in the region of £70m.
These two examples make it patently clear that businesses need to take immediate action. An action plan needs to be in place, and the necessary tasks carried out, to ensure compliance before the GDPR comes into force in May 2018; otherwise, they face serious and growing reputational and financial risks.
Are your employees aware of the forthcoming changes? Is there an intention to create a communication plan to raise awareness of the impact that the GDPR will have on your business? If not, we can help you create this plan and then design campaigns that will help increase understanding in a practical and relevant way.