- Employee awareness
- 5 min read
Since the General Data Protection Regulation (GDPR) was introduced in May 2018, the Information Commissioner’s Office (ICO) has received an average of 1,000 data breach reports every month.
There have been several high-profile data breaches. These include British Airways having 380,000 transactions compromised and Timehop with 15 million accounts being accessed as a result of an attack.
The first anniversary of GDPR is a timely reminder that data and information are key to business operations. All individuals are custodians of the data handled every day and they must protect and respect it. Without customers’ trust and a strong reputation, companies will struggle to succeed.
Let’s not forget that the UK has also seen the introduction of supplementary data protection legislation – the Data Protection Act 2018 (DPA 2018).
DPA 2018 provides additional powers not covered by GDPR. For example, investigators can request a warrant to search premises in the event of a data security incident, and individuals or organisations can be prosecuted for failing to provide information.
Destroying or altering any information named in a warrant can also lead to prosecution. These new powers will assist the ICO when investigations are delayed due to information being tampered with.
The new act also deals with data processing that does not fall within European Union law, for example, processing personal data related to UK immigration and national security. It also details the handling of special category data when it is a matter of ‘significant public interest’, such as processing for journalism, insurance, pensions or standards of behaviour in sport.
The other welcome change is that DPA 2018 takes account of today’s internet, digital technologies and social media.
The frequency and methodology of attacks are sustained year on year, although they are becoming more sophisticated.
To build resistance to attacks, companies require a systematic and sustained approach to data protection, complimented by effective methods of employee learning and development.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51