The General Data Protection Regulation (GDPR) became law in May 2018, implemented in the UK as the Data Protection Act (DPA) 2018. In the honeymoon period since, there have been no DPA 2018 prosecutions in the UK. As a result, many organizations did not make data privacy a priority, as other risks within the organization took precedence. Behind the scenes, the Information Commissioner’s Office (ICO) has been investigating a number of data breaches involving personal information, building up cases for successful prosecutions, which can take up to 12 months.

This honeymoon period ended on 8 July 2019, when the ICO issued a record penalty of £183m against a UK-based global brand for a breach of the DPA 2018. This fine amounted to 1.5% of the organization’s global annual turnover. However, the fine could have been up to 4% of global annual turnover, which in this case would have been around £500m. It was always expected that the ICO would make some high-profile examples to make other organizations pay attention, as all organizations handle personal data.

By certifying to BS 10012 and ISO/IEC 27001, organizations can demonstrate to the ICO their compliance with both the data privacy and the information security requirements of the DPA 2018 and the GDPR. This can reduce the risk of significant financial penalties and serious reputational damage for all organizations.

For more information on THE COST OF NON-COMPLIANCE talk to SGS United Kingdom Ltd
