There is no such thing as a GDPR expert. They simply don't exist: the changes are too wide-ranging and too grey to be understood and then explained to a proficient standard.
There are, however, people who are qualified to offer an educated interpretation of what GDPR will mean for businesses in the UK and, in fact, the rest of the world.
I am not one of those people. I understand tranches of GDPR effects, limitations and fines; however, I would not be able to advise outside of an insurance capacity.
What little I do know, however, is that when GDPR takes effect in May 2018 there will be fines and penalties galore (up to €20,000,000 or 4% of global annual turnover, whichever is higher, to be precise), starting with the bigger entities and trickling down.
Gloucester City Council was recently fined £100,000 after 30,000 emails were downloaded by an attacker.
"Gloucester City Council fined £100k over mailbox hack
A council has been fined £100,000 after 30,000 emails containing sensitive information were downloaded.
The Information Commissioner's Office (ICO) issued the fine to Gloucester City Council after a cyber attack by the group Anonymous.
Sally Anne Poole, from the ICO, said the lapse was a "serious oversight".
The council said it took "swift and reasonable steps" in 2014 as soon as it was alerted to the vulnerability, adding it is considering an appeal.
Managing director of the council, Jon McGinty said he believed the penalty issued by the ICO will have a "serious and detrimental" impact on the authority's finances.
"The council did account for the risk of this potential fine in its accounts for 2016-17 but, nevertheless, its payment will only result in money being taken away from the people of Gloucester and given to Treasury," he added.
The ICO found the council did not have sufficient processes in place to make sure its systems had been updated while changes to suppliers were made.
Ms Poole said: "The council should have known that, in the wrong hands, this type of sensitive information could cause substantial distress to staff.
"Businesses and organisations must understand they need to do everything they can to keep people's personal information safe and that includes being extra vigilant during periods of change or uncertainty."
Had this occurred after May 2018, a few things would have happened differently. For one, the breach would have had to be reported to the ICO within 72 hours of the council becoming aware of it. Secondly, the maximum fine available would have been far higher, and the incident would have been open to far more investigation.
Interestingly, the saving grace for the council was simply that the breach was discovered and brought to a close before the GDPR changes took effect.
From an insurance perspective, the important point to note is "The ICO found the council did not have sufficient processes in place to make sure its systems had been updated while changes to suppliers were made."
If the council had kept its security processes up to date, patched in a timely manner (including through the change of suppliers that the ICO singled out), educated staff proficiently and had an underlying Cyber Liability policy in place, not only would the risk of this event occurring have been reduced significantly, but the fine would also have been reduced, because the ICO takes the level of precaution an organisation has taken into account when setting the penalty.
Don't just prepare yourself for GDPR: future-proof yourself for an inevitable breach, because the risk is knocking on your door right now. Promote IT security to a board-level issue, and invest in all of your systems as well as the right insurance package.
Tristan Antrobus-Holder
Client Relationship Manager - James Hallam