Marking the one-year anniversary of the General Data Protection Regulation (GDPR), the Information Commissioner’s Office (ICO) reported an increase in public awareness of the legislation, possibly the most important change in data privacy regulation in 20 years.
While this fact alone represents a positive step forward, the steepening fines under GDPR and changing requirements for trans-border data transfers were just a few of the other headline-grabbing issues discussed in the first half of 2019.
Eighteen months ago, companies were considered helpless victims when being attacked by unscrupulous hacker collectives from around the globe.
Today, however, companies are seen as perpetrators of data loss.
As such, major companies and brands around the world are now on notice.
ISO 27001, the international standard for an ISMS (Information Security Management System), provides an excellent starting point for achieving the technical and operational requirements necessary to reduce the risk of a breach.
As part of the Government’s National Cyber Security Strategy, the Cyber Essentials Scheme also seeks to ‘make the UK a safer place to conduct business online’. The scheme is designed to promote and certify basic levels of technical protection against cyber-attacks.
If companies fail to have adequate security safeguards in place to protect their users’ data, they could be facing ‘millions in fines and penalties’, thanks to the much more stringent provisions of the EU GDPR.
In July 2019, the ICO issued notice of its intention to fine British Airways £183.39 million for GDPR infringements.
The following day, the ICO reported that it intended to fine the hotel chain Marriott International $111.5 million for GDPR infringements relating to a cyber incident back in 2018.
These two fines represent the largest so far handed out under the regulation.
These fines represent a massive wake-up call to all businesses that the ICO is very serious in its intent to enforce the law and that any subsequent penalties and fines can be substantial.
However, which industry or sector will the EU’s privacy watchdog home in on next?
Given its state of flux, the gambling industry, maybe.
Mindful of recent changes to legislation and advertising rules, gambling brands have needed to rethink their approach to marketing. Gambling operators have also come under increasing focus after the industry was told it must do more to support customers at risk of harm.
The Gambling Commission (UKGC) has also levied penalty packages against several operators in respect of their money laundering policies.
As the “new oil”, customer usage patterns, their interests, their preferences, their purchases, their demographic and even socio-economic data all present new opportunities for insight and personalisation. However, at what opportunity cost?
The more data you store, the more attractive your organisation becomes for hackers and cyber thieves, and the greater your liability exposure should a breach occur.
The W2 team are exhibiting at the Betting on Sport event in London on Wednesday 18th & Thursday 19th September (stand P7).
Please pop by the stand and say hi. As our clients well know, we take what we hear from such events as the steer on what’s needed next on the Product Roadmap. You have the opportunity to feed into what we build.