The European Union law that governs the handling of personal electronic data, the General Data Protection Regulation (GDPR), will make the penalties for data breaches far tougher and raise the reputational risk of suffering one.
The previous rules, to some extent, allowed organizations to decide whether and when to disclose a data breach. Under the mandatory breach notification regime of the GDPR, information about breaches will be in the public domain by default. The GDPR requires companies to report when a breach occurs and to obtain users' consent before processing their personal data anywhere in the EU bloc. Penalties for infringement will be assessed on a case-by-case basis against several criteria, which may include whether the breach was intentional, the number of affected data subjects, the organization's previous record and its cooperation with the regulator.
The significance of the General Data Protection Regulation cannot be overstated, and it is set to take effect on 25 May 2018. British companies must prepare for it, since these rules will form part of UK domestic law regardless of the Brexit outcome. Businesses are therefore urged to comply with the new regulatory landscape or face the consequences. At present, the ICO can impose a maximum fine of £500,000 on firms that fail to protect customer information. Under the GDPR, UK companies will face far more severe sanctions, with penalties of up to 4% of global revenue or £16.9m, whichever is greater. These changes are designed to ensure privacy protection and robust cyber security.
Apart from terrorism, past incidents have made the UK authorities more determined to see the GDPR implemented and strictly observed. For instance, the loss of £3 million by one firm as a result of a breach shows why structural and legal changes are needed to prevent a recurrence. In addition, high-profile cyber-attacks on TalkTalk, Three and Yahoo have been the main cause of the loss of millions of consumers' personal details.
Although the law may appear tough, its legal framework may help to address the cyber security problems facing the UK. It introduces provisions that require companies to disclose data breaches, and it establishes privacy watchdogs to enforce them.