General Data Processing Regulations – 2018

A personal data breach is a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

As a company, do you have a GDPR officer, or at least someone who is competent to advise the organisation on what security measures you need in place in order to protect the data you hold? Do you understand what data you process, who has access to it and how long it should be kept?

It’s really important to comply with GDPR legislation, and even understanding how GDPR works could benefit your business. The GDPR legislation was introduced to protect all of our personal data, securing both individual privacy and business confidentiality.

If your company has a data breach of security, there are two fines:
• Up to €10 million, or 2% of annual global turnover, whichever is higher
• Up to £20 million, or 4% of annual global turnover, whichever is higher

In reality there have been some heavy fines:

Carphone Warehouse –
£400,000 fine after serious security failures putting both customer and employee data at risk

Facebook –
£500,000 fine – Cambridge Analytica scandal where personal data of millions of Facebook users was used without their consent for political advertising

Bupa –
£175,000 for failing to implement security measures that would protect their customers’ personal information

Heathrow Airport –
£120,000 fine for failing to secure personal data held on its network

Uber –
£385,000 fine for failing to protect their customers’ and drivers’ personal information during a cyber attack

British Airways –
£183 million fine for a data breach that compromised the personal details of over 500,000 customers

Marriott International –
£99 million fine for failing to protect personal data of 339 million guests

Ticketmaster Ltd –
£1.25 million for not protecting customers’ payment details

It’s not just about protecting the data of customers, employees and the business; it’s also about invading someone’s privacy with nuisance calls or emails that are unwanted.

Leads Work Ltd made 2.6 million nuisance calls to people during the pandemic and received a fine of £330,000.

Muscle Foods Ltd was fined £50,000 for sending text messages to customers without consent.

Did you know that you cannot provide a personal reference for an ex-employee without securing their permission, because it would be considered a “breach”, albeit a small one? If you need some advice on what you can or cannot do to stay within the law, please give us a call to discuss and we can provide you with guidance.

Let us help you get started

We have many years’ experience of resolving complex challenges facing the business today and tomorrow.
Let us take care of your HR issues whilst you manage the rest of your business – call us today for a free consultation.