For GDPR, the day of reckoning is nearly upon us. From 25 May, the biggest change to data protection law since the 1990s will come into force – and businesses will have to play ball.
Fines for non-compliance have been stated as €10 million or up to 4% of annual turnover – whichever is higher. Either way, for companies large and small, it’s a serious issue – and if you haven’t started putting in place your plans for GDPR, it’s safe to say you need to do something fast.
But beyond the regulations themselves, another issue has been rightly pointed out: one that could have serious implications for any business that carries a large amount of sensitive customer data.
Why every business needs to care about cyber security
Cyber-crime is a big issue in the UK – a far bigger issue than most of us realise.
It cost the UK over £11 billion in 2016, and collectively, the UK’s 5.4 million small businesses are attacked more than seven million times a year. And amazingly, cyber-crime accounted for 30% of all crime in the UK between July 2016 and July 2017.
The fact that businesses are being forced to get their data in order for GDPR D-Day has been seen as a great chance to fortify our cyber defences too. The two go hand-in-hand, after all.
In fact, one of the GDPR principles states that personal data must be processed in a manner that ensures an appropriate level of security. Given the size and complexity of the legislation, that can easily be overlooked.
But there’s another story to all of this that businesses must take note of.
With bigger stakes come bigger ransoms
2017 was really the year that cyber-attacks went mainstream, with huge malware attacks including the ‘WannaCry’ episode.
The prize for hackers was always data. Data presented the prospect of ransoms, and the size of ransoms really depended on the size of the business. The perfect example is Uber.
Uber was hacked, which saw data from 57 million customers compromised. The hackers then successfully blackmailed Uber for £750,000 – a paltry sum compared to what could happen under GDPR. But Uber paid in the hope that the data breach wouldn’t be exposed – which of course it was.
After 25 May, Uber would have been penalised twice under the new legislation: once for the data breach itself, and once for the cover-up. Each would come with a fine of between 2 and 4% of turnover, which in Uber’s case would mean hundreds of millions of dollars.
The point is, hackers know this – and they’re going to try to leverage GDPR in their favour. Ransomware attacks could increase in number – and the price of ransoms will go sky-high.
GDPR is a wake-up call not only to businesses but to criminals too. So as your GDPR plans come together, double your security efforts. It’s worth the investment.
At XLN we’re helping our small business customers to get GDPR-ready – and you can read our short guide here.