GDPR has now been in force for over 4 months and, while the flurry of inbox activity around privacy notices has calmed down, the Information Commissioner’s Office (ICO) have issued an update on their GDPR activities over the past few months.
The ICO are responsible for regulating GDPR in the UK and their recent report reveals they receive around 500 calls per week to their breach reporting phone line. Over half of the cybercrimes which led to a security breach were caused by phishing, with ransomware and malware being the other main culprits. The ICO report highlights the following learnings:
- It is important that organisations have a robust incident reporting plan in place and that their team know exactly where to find it and what to do if they are faced with a breach situation.
- Incidents must be reported within 72 hours and it is key that the person reporting the breach is authorised to discuss the problem in detail if required.
The Canadian data analytics firm AggregateIQ received the ICO’s first violation notice of GDPR. They face a fine of up to €20m or four per cent of the company's annual turnover, whichever is higher. AggregateIQ have lodged an appeal. Although the data in question was gathered before GDPR came into force on 25th May 2018, the ICO has said AggregateIQ is still liable as they were still holding the data when GDPR came into force.
It is worth noting that organisations which process personal data are required to register with the ICO. The ICO have now begun formal enforcement action against over 30 organisations who have failed to pay the new data protection fee. All organisations must pay the fee unless they are exempt. Those who don’t face a maximum fine of up to £4,350.
GDPR compliance continues to be a concern for many SMEs. We can help advise on action you can take to ensure your systems are secure. We recommend the UK Government’s Cyber Essentials Scheme as a great first step in ensuring your company data is protected. We have been independently assessed and accredited as ACE Practitioners of Cyber Essentials, which means our consultants are qualified to support our IT Support and IT Security customers through the Cyber Essentials certification journey. A multi-layered approach to cyber security is an essential part of this process and something that we recommend for all of our IT support customers across Glasgow, Edinburgh and throughout central Scotland. Why don’t you contact us today for advice on how we can help with your IT support and IT security requirements?
RedMosquito provide IT support services in Glasgow, Edinburgh and throughout central Scotland.