recent work

Firms bite back in response to EU data breach proposals – DataWise can help

Yesterday, we reported that Viviane Reding, Justice Commissioner, has announced proposals to ensure organisations report all data breaches to their national supervisory authority (in the UK’s case, the Information Commissioner’s Office, or ICO) within 24 hours.

Computerworld has since reported that ‘many companies don’t have the sophisticated systems for identifying breaches in the first place’, which could prive difficult in reaching the 24 hour deadline. “Mandatory reporting of data breaches within 24 hours will be difficult, if not impossible, to comply with,” said Bridget Treacy, partner at law firm Hunton & Williams.

Gerhard Eschelbeck, CTO at IT security firm Sophos, agreed, describing the deadline as “very aggressive”, and said that this would impact the quality of the breach notifications.

In the same announcement, Reding proposed a staggered fining system, with organisations fined between 0.5% and 2% of their revenues for serious data breaches. This proposal has been met with worry among many businesses.

Pat Phillips, practice director at consultancy Xceed, said that this was a particular area of concern.”The real worries are around those parts of the bill that can directly impact the bottom line. With the threat of a fine of up to two percent of annual global turnover, CISOs will already be girding themselves for safeguarding the business’ profitability alongside its data,” he said.

Marc Dautlich, head of information law at law firm Pinsent Masons, agreed that the new regulations will have a significant impact on business costs.

“[With the two percent fine] the penalties for non-compliance are extremely large,” he said. “Fixed costs on medium-sized companies will increase as they will need to appoint a data protection officer, no matter how little personal data they actually process in Europe.”

Francois Zimmermann, CTO at Hitachi Data Systems UKm interestingly pointed out that “To implement effective data management policies, the rules and policies should be updated as part of an evolutionary process, which changes being introduced as and when they are needed, rather than in a raft every few years or so. This will challenge organisations to have an infrastructure in place that can cope with this constant change.” And this is where our service, DataWise, can help.

DataWise is a service committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. DataWise, one of our services, provides clients with a data protection toolkit, which offers a robust and effective solution in reducing the risk of data breaches. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or cal us on 01423 790125.