Mis-sent emails and cyber attacks - the many faces of a data breach
“When most people hear the term data breach they think of a large-scale hacking by foreign cyber criminals but, in reality, a breach can come in a much more mundane and simple form.
Under GDPR a data breach is defined as - ‘A breach of security leading to the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, personal data, transmitted, stored, or otherwise processed.’
But what does this mean for you and your organisation?
Here are some previous examples of fines issued by the ICO. It is worth remembering when considering these fines that these were issued under the previous legislation, with fines capped at £500k. Under GDPR the ICO will have the power to issue fines up to 34 times higher!
- A solicitor sent an email to the wrong person - fined £120k
- A social worker left papers on a train - fined £70k
- A filing cabinet was sold containing old files - fined £185k
- Medical records were left in a disused building - fined £225k
- A report was posted to a wrong address - fined £60k
- A memory stick was stolen from a staff member’s home - fined £150k.
Along with each of these fines the ICO issue a press release, publicising your sanction. The combined monetary and reputational damage can have serious repercussions on the sustainability of a business, in some cases leading to business failure.
To hear more about how we can help your organisation to become GDPR ready and avoid the penalties associated with non-compliance, visit briefed.pro/gdprservices”.