Not so long ago, it was the word on everybody’s lips and you couldn’t go onto social media without GDPR being discussed. Being the marketing and social media person at MyCRM, I’m the first to see any events unfolding in the business world, and it is scary to see how many businesses are still not prepared or are uninformed about GDPR, thinking “it’ll never happen to us…”.
Since GDPR became law in May earlier this year, you see fewer GDPR discussions on social media. However, cracks are now beginning to show, and we are beginning to see popular, trusted brands fall victim to cyber-attacks and lose their loyal customers’ information.
Were they prepared?
Had they done their research?
You may have noticed that fines haven’t been as high as you may have first thought; however, many of these businesses’ data breaches came before the GDPR regulation came into force. Now you will see that fines for a data breach are up to €20 million (£17.6 million) or 4% of global annual turnover, whichever is higher!
Some examples of recent, real-life data breaches are below, where some fines are still under consideration:
Back in 2017, before GDPR came into force, Dixons Carphone had a data breach which affected a whopping 10 million of their customers. They first reported the breach in June this year. It was reported that customers’ names, addresses and email addresses had been accessed; however, they were aware that no financial information had been taken. When queried about compensation, they advised that because none of their customers had lost any money there would be none. Maybe not the best tactic?
It is not currently known whether the previous data act fine will be enforced as there is also a chance the GDPR fine could be incurred… only time will tell, but we know whatever happens, the reputation of Dixons Carphone will forever be damaged.
Facebook came under fire a few months ago when it was understood that their data breach had affected 87 million. Back in 2014, Facebook users were invited to find out their personality type in a quiz. Not only did the app record the data of those taking the quiz, it also recorded the public data of their friends. Some of the data was sold to Cambridge Analytica, who used it to psychologically profile voters in the US. However, because this happened before GDPR came into effect, a fine of £500,000 is being issued.
Last week I received an email from Superdrug to say the following:
This is still very fresh and no news articles have stated whether a fine will be incurred. Superdrug are stating that their system wasn't compromised, and hackers had accessed the information of their customers from other websites. Unfortunately for Superdrug, we know that this occurred after the GDPR regulation came into force. From the above email, it is obvious that details have been obtained by hackers, so it will be interesting to see what the ICO will discover and decide in terms of the fine.
Don’t wait until it’s too late
According to an article on ComputerWeekly, a survey by security firm Imperva conducted among attendees of Infosecurity Europe found that 28% of organisations do not feel completely compliant with the EU’s GDPR regulation. From the well-known business examples above, you can see it’s as important as ever to be compliant, and whilst this isn’t a quick process, it is vital that it is done for the safety of your business and its customer data. From the fine itself, we know that any usual SME is unlikely to survive a hit of that amount of money, so your business’s life could, in essence, be on the line!
Get GDPR help with our Book
Get all the guidance you need about GDPR from our book. In March this year we released our publication “The Essential Business Guide to GDPR” with the idea of putting together all of the GDPR documentation and giving a business perspective. It includes example templates that can be downloaded to help you, as a business owner, to meet your objectives for accountability under the GDPR regulation. Get on your way to being compliant today!
You can purchase the paperback or eBook from Amazon here: https://www.amazon.co.uk/Essential-Business-Guide-GDPR-understanding/dp/1980534535/ref=pd_rhf_gw_p_img_2?_encoding=UTF8&psc=1&refRID=X4MNZA3W2J5R7NFK544J