Fines and Compulsory Client Notifications – The Update to the Data Protection Directive

15/12/2012

Cyber attacks are becoming more prominent in the news, and the targets of these attacks are not just household names, so protecting your business from phishing scams, hackers and viruses is vital to keeping data protected.

Clearly, successfully preventing an attack is the ideal situation. However, should your business fall prey to a sophisticated cyber attack, being aware of the relevant legislation and how to proceed is essential.

Under the current data protection rules in the UK, should your clients’ details be compromised in an attack, it is up to you to decide whether or not to contact each customer individually and inform them of the situation, but it isn’t compulsory. However, under the updated Data Protection Directive (expected to be introduced in 2014) it is to become compulsory to notify customers within 24 hours that their data has been breached.

This means that not only would you have to pay the proposed fine, but also for the additional manpower and time dedicated to notifying customers. On top of this, the after-effects of lost trading following the breach, plus the damage to reputation, can seriously hinder your company. Many companies are simply not able to afford the security mechanisms available to larger organisations.

With 1000 cyber attacks on UK businesses an hour, and the average industry cost estimated to be between £15,000 and £30,000 per attack, it is vital to have the correct protection in place to ensure the survival of your business.

So what can you do to protect your business against cyber attacks?

As the saying goes, prevention is better than cure, and ensuring your business is protected as far as possible against cyber attacks will lower the chances of a breach and reduce your loss should your systems be compromised.

Important tips:

  • Conduct regular and consistent staff training on data protection
  • Regularly execute audits and privacy assessments
  • Ensure you keep up to date with all the elements of data protection and regulations
  • Make sure the business has the correct cyber liability insurance policy in force